>Number: 355 >Category: config >Synopsis: ErrorDocument 401 skips authorization request >Confidential: no >Severity: serious >Priority: medium >Responsible: apache (Apache HTTP Project) >State: open >Class: sw-bug >Submitter-Id: apache >Arrival-Date: Thu Apr 10 13:10:01 1997 >Originator: [EMAIL PROTECTED] >Organization: apache >Release: 1.2B7 and 1.2B8 >Environment: Digital UNIX 4.0B using packed cc compiler. >Description: If you specify a 401 ErrorDocument, the user is never prompted for a username and password. Instead, the URL specified for a 401 error is immediately shown. This is the same problem reported in bug 221 in the bug database but was unresolved. >How-To-Repeat: To reproduce, create a directory such as ~/user/public_html/test and place this .htaccess in that directory:
<Limit GET> Authname test AuthType Basic AuthUserFile /www/.databases/passwd require valid-user errordocument 401 http://www.wpi.edu/Academics/EvalSorry.html </Limit> Point your browser at http://server/~user/test/ and you will not be asked for a username and password, instead you will be shown the URL given above. Without the ErrorDocument line above. you will be asked for a username and password and if you can't supply a valid one you will be given an Apache generated 401 error. >Fix: >Audit-Trail: >Unformatted:
