Re: [PATCH] WWW-Authenticate header lost when reverse-proxying
[EMAIL PROTECTED] wrote: *** *** 969,974 --- 980,986 */ int status = r-status; r-status = HTTP_OK; + ap_discard_request_body(rp); return status; } } else How does this part fit into the bugfix? (Doesn't seem related to the bug to me, but then I haven't looked at it that closely, just wondering) If we don't discard the request body that accompanied the 401 response, it is still there on the socket when auth succeeds... and is therefore prepended, in it's raw chunked glory, when the actual content page from the origin server is served to the client.
WWW-Authenticate header lost when reverse-proxying
(Correction to previous posting: This error *only* occurs with
`ProxyErrorOverride On'.)
When operating as a reverse proxy, with `ProxyErrorOverride On',
mod_proxy incorrectly fails to pass through the WWW-Authenticate
response header on 401 responses.
It seems the problem is that ap_send_error_response() clears
r-headers_out, while ap_proxy_http_process_response() does not copy
the WWW-Authenticate header into r-err_headers_out.
A patch which fixes this follows. Note that this has NOT received
extensive testing.
*** modules/proxy/proxy_http.c.orig Thu Sep 19 14:47:51 2002
--- modules/proxy/proxy_http.c Thu Sep 19 17:38:36 2002
***
*** 863,868
--- 863,879
}
}
+ if ((r-status == 401) (conf-error_override != 0)) {
+ const char *buf;
+ const char *wa = WWW-Authenticate;
+ if (buf = apr_table_get(r-headers_out, wa)) {
+ apr_table_set(r-err_headers_out, wa, buf);
+ } else {
+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r-server,
+proxy: origin server sent 401 without w-a
header);
+ }
+ }
+
r-sent_bodyct = 1;
/* Is it an HTTP/0.9 response? If so, send the extra data */
if (backasswards) {
***
*** 969,974
--- 980,986
*/
int status = r-status;
r-status = HTTP_OK;
+ ap_discard_request_body(rp);
return status;
}
} else
[PATCH] WWW-Authenticate header lost when reverse-proxying
Apologies for the resend; I omitted to mark this as a [PATCH].
When operating as a reverse proxy, with `ProxyErrorOverride On',
mod_proxy incorrectly fails to pass through the WWW-Authenticate
response header on 401 responses.
It seems the problem is that ap_send_error_response() clears
r-headers_out, while ap_proxy_http_process_response() does not copy
the WWW-Authenticate header into r-err_headers_out.
A patch which fixes this follows. Note that this has NOT received
extensive testing.
*** modules/proxy/proxy_http.c.orig Thu Sep 19 14:47:51 2002
--- modules/proxy/proxy_http.c Thu Sep 19 17:38:36 2002
***
*** 863,868
--- 863,879
}
}
+ if ((r-status == 401) (conf-error_override != 0)) {
+ const char *buf;
+ const char *wa = WWW-Authenticate;
+ if (buf = apr_table_get(r-headers_out, wa)) {
+ apr_table_set(r-err_headers_out, wa, buf);
+ } else {
+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r-server,
+proxy: origin server sent 401 without w-a
header);
+ }
+ }
+
r-sent_bodyct = 1;
/* Is it an HTTP/0.9 response? If so, send the extra data */
if (backasswards) {
***
*** 969,974
--- 980,986
*/
int status = r-status;
r-status = HTTP_OK;
+ ap_discard_request_body(rp);
return status;
}
} else
Re: [PATCH] WWW-Authenticate header lost when reverse-proxying
[EMAIL PROTECTED] wrote: *** *** 969,974 --- 980,986 */ int status = r-status; r-status = HTTP_OK; + ap_discard_request_body(rp); return status; } } else How does this part fit into the bugfix? (Doesn't seem related to the bug to me, but then I haven't looked at it that closely, just wondering) Regards, Graham -- - [EMAIL PROTECTED]There's a moon over Bourbon Street tonight...
WWW-Authenticate header lost when reverse-proxying chunked response
The WWW-Authenticate header is being dropped from responses sent by
mod_proxy in reverse proxy mode, when the original server's response
was chunked.
The problem appears to be in ap_http_header_filter() in
modules/http/http_protocol.c, where we have:
if (r-status == HTTP_NOT_MODIFIED) {
apr_table_do((int (*)(void *, const char *, const char *))
form_header_field,
(void *) h, r-headers_out,
Connection,
Keep-Alive,
ETag,
Content-Location,
Expires,
Cache-Control,
Vary,
Warning,
WWW-Authenticate,
Proxy-Authenticate,
NULL);
}
else {
apr_table_do((int (*) (void *, const char *, const char *))
form_header_field,
(void *) h, r-headers_out, NULL);
}
I would think that in the else case at least the WWW-Authenticate
header should be handled. Are there other headers that should also be
handled here?
