There is no way for apache (or any web server) to know what domain a user's client uses to resolve unqualified addresses. This is a client-side issue... not only does it mess up www-authentication, it breaks any cookie code if you use it. You'll have to train your users to use FQDNs or have a link somewhere that takes them into your authenticated hierarchy using a FQDN.
In your case it might also be that your 403 errordoc requires auth... which of course is problematic :) Dean On Fri, 4 Apr 1997, Joanna Gaski wrote: > > >Number: 315 > >Category: config > >Synopsis: <LIMIT> causes two password queries unless given fqdn. > >Confidential: no > >Severity: non-critical > >Priority: medium > >Responsible: apache (Apache HTTP Project) > >State: open > >Class: sw-bug > >Submitter-Id: apache > >Arrival-Date: Fri Apr 4 12:20:02 1997 > >Originator: [EMAIL PROTECTED] > >Organization: > apache > >Release: 1.2b7 > >Environment: > Digital Unix 4.0B, cc compiler > >Description: > This problem occurs when using the new "satisfy any" match ability for > .htaccess > files. Using this .htaccess file in /info/test: > <Limit GET> > satisfy any > order deny,allow > deny from all > allow from bert.wpi.edu > Authname test > AuthType Basic > AuthUserFile /www/docs/info/test/passwd > require valid-user > errordocument 403 http://www.wpi.edu/Stratplan/sorry.html > </Limit> > > When a request is made for the page from another domain, Netscape queries the > user twice for their password, UNLESS the URL for the requested page contains > the server's fully qualified domain name, with the domain in all caps. In this > case, the user is only queried once. > >How-To-Repeat: > No, because you aren't in our password file. It should be easy to recreate > on another system. > >Fix: > It may be that the time it takes the webserver to qualify the domain name is > causing the problem. Another clue would be that the two password validation > boxes are different sizes, meaning that they are generated in different parts > of the code. Sorry can't help more > >Audit-Trail: > >Unformatted: > > >
