>Number: 3838 >Category: general >Synopsis: Netscape browsers looping on authentication when using alias >names >Confidential: no >Severity: non-critical >Priority: medium >Responsible: apache >State: open >Class: sw-bug >Submitter-Id: apache >Arrival-Date: Thu Feb 4 14:50:01 PST 1999 >Last-Modified: >Originator: [EMAIL PROTECTED] >Organization: apache >Release: 1.3.3 >Environment: Sun Solaris 2.6 >Description: We are upgrading to newer release of Netscape and have run into an authentication problem. We set up our Apache server with Virtual hosts for many applications. Each virtual host has a fully qualifies address and an alias (ex: abc.pfizer.com and abc) Each virtual host is defined in httpd.conf with the ServerAlias also defined. Versions of Netscape up to version 4.0.5 worked fine, I could go to abc.pfizer.com and authenticate and then if I went to abc, the alias would resolve and I've never had an issue. At Netscape version 4.0.6 if I go the fully qualified host (abc.pfizer.com) and authenticate and then go to the alias (abc) the server and the browser begin to thrash back and forth. The server sends a 401 but browser does not send back the authentication info. I'm inclined to blame the browser because it is not sending back the auth info however, when I use Netscape 4.0.6 to access an IIS (sorry we do have a couple of these) server in the same manner, I don't get the same problem. Could I have my server configured incorrectly? Have you seen this before. Could Apache be asking the browser the wrong question? By the way, if I go to the alias first and then to the fully qualified address and then back to the alias, it works fine. >How-To-Repeat: create an apache web site with an .htaccess file with both a fully qualified address and an alias. With Netscape 4.5 access the site first using the fully qualified address. Next try and access the alias and enjoy watching the browser and server argue over what the other should be providing. >Fix: I've tried all sorts of conf permutations and none seems to work. >Audit-Trail: >Unformatted: [In order for any reply to be added to the PR database, ] [you need to include <[EMAIL PROTECTED]> in the Cc line ] [and leave the subject line UNCHANGED. This is not done] [automatically because of the potential for mail loops. ] [If you do not include this Cc, your reply may be ig- ] [nored unless you are responding to an explicit request ] [from a developer. ] [Reply only with text; DO NOT SEND ATTACHMENTS! ]
