DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=12911>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=12911 WWW-Authenticate header lost when reverse-proxying with ProxyErrorOverride On Summary: WWW-Authenticate header lost when reverse-proxying with ProxyErrorOverride On Product: Apache httpd-2.0 Version: 2.0.40 Platform: All OS/Version: Other Status: NEW Severity: Normal Priority: Other Component: mod_proxy AssignedTo: [email protected] ReportedBy: [EMAIL PROTECTED] With 'ProxyErrorOverride On', mod_proxy incorrectly fails to pass the WWW- Authenticate header through to the client on 401 responses from the origin server. It seems the problem is that ap_send_error_response() clears r->headers_out, while ap_proxy_http_process_response() does not copy the WWW-Authenticate header into r->err_headers_out. A patch which fixes this follows. (Note re the second passage of the patch: If we don't discard the request body that accompanied the 401 response, it is still there on the socket when auth succeeds... and is therefore prepended, in it's raw chunked glory, when the actual content page from the origin server is served to the client. Thus we must discard the request body prior to exiting from ap_proxy_http_process_response() on 401 responses with ProxyErrorOverride On. Note that this patch appears to correct the problem, but has NOT yet received extensive testing. *** modules/proxy/proxy_http.c.orig Thu Sep 19 14:47:51 2002 --- modules/proxy/proxy_http.c Thu Sep 19 17:38:36 2002 *************** *** 863,868 **** --- 863,879 ---- } } + if ((r->status == 401) && (conf->error_override != 0)) { + const char *buf; + const char *wa = "WWW-Authenticate"; + if (buf = apr_table_get(r->headers_out, wa)) { + apr_table_set(r->err_headers_out, wa, buf); + } else { + ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, + "proxy: origin server sent 401 without w-a header"); + } + } + r->sent_bodyct = 1; /* Is it an HTTP/0.9 response? If so, send the extra data */ if (backasswards) { *************** *** 969,974 **** --- 980,986 ---- */ int status = r->status; r->status = HTTP_OK; + ap_discard_request_body(rp); return status; } } else --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
