>Number: 315 >Category: config >Synopsis: <LIMIT> causes two password queries unless given fqdn. >Confidential: no >Severity: non-critical >Priority: medium >Responsible: apache (Apache HTTP Project) >State: open >Class: sw-bug >Submitter-Id: apache >Arrival-Date: Fri Apr 4 12:20:02 1997 >Originator: [EMAIL PROTECTED] >Organization: apache >Release: 1.2b7 >Environment: Digital Unix 4.0B, cc compiler >Description: This problem occurs when using the new "satisfy any" match ability for .htaccess files. Using this .htaccess file in /info/test: <Limit GET> satisfy any order deny,allow deny from all allow from bert.wpi.edu Authname test AuthType Basic AuthUserFile /www/docs/info/test/passwd require valid-user errordocument 403 http://www.wpi.edu/Stratplan/sorry.html </Limit>
When a request is made for the page from another domain, Netscape queries the user twice for their password, UNLESS the URL for the requested page contains the server's fully qualified domain name, with the domain in all caps. In this case, the user is only queried once. >How-To-Repeat: No, because you aren't in our password file. It should be easy to recreate on another system. >Fix: It may be that the time it takes the webserver to qualify the domain name is causing the problem. Another clue would be that the two password validation boxes are different sizes, meaning that they are generated in different parts of the code. Sorry can't help more >Audit-Trail: >Unformatted:
