The following reply was made to PR mod_auth-any/831; it has been noted by GNATS.
From: Marc Slemko <[EMAIL PROTECTED]> To: David Saez Padros <[EMAIL PROTECTED]> Subject: Re: mod_auth-any/831: Not prompting for username/password when defining ErrorDocument Date: Mon, 7 Jul 1997 13:35:24 -0600 (MDT) On Mon, 7 Jul 1997, David Saez Padros wrote: > The problem is that I'm hosting virtual hosts in each machine and > would like to have error responses for each virtual server and > machine to be the same html file. If I make error responses to > be relative I have to redirect it to the apropiate url, and do > the same each time I add a virtual server. The only solution I can think of offhand would be a global alias that mapped a certain path under each virtual domain to the main server. > > BTW, it does not look too clear to me why it must happens The normal way of notifiying a client that authorization is required is to send a 401 response. That notifies the client that authorization is required. The normal way to tell the client that authorization failed is to send another 401 with a failure message. If you have an ErrorDocument for 401 responses that points to a http:// URL, then Apache must send a redirect with a Location: header to tell the client to get that resource. That means it can't send a 401 which means the client never knows authorization is required. URLs without a method can be handled as internal redirects, without sending one to the client, avoiding this problem. In your case, since it is on the same server, it would be possible for Apache to look at the URL and figure out that it really is on the same server and do the internal rewrite, but that is a complicated issue and can be a bad thing to do.
