DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=29257>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=29257 Problem with apache-1.3.31 and mod_frontpage (dso, official FreeBSD port). Summary: Problem with apache-1.3.31 and mod_frontpage (dso, official FreeBSD port). Product: Apache httpd-1.3 Version: HEAD Platform: PC OS/Version: FreeBSD Status: NEW Severity: Normal Priority: Other Component: Other AssignedTo: [email protected] ReportedBy: [EMAIL PROTECTED] I was in the process of trying to upgrade to apache-1.3.31 today. You should know we use the DSO mod_frontpage built from the FreeBSD ports system, which is based on the original "improved mod_frontpage" and further improved to support FP2002 as well as security fixes. When doing the intial authentication from Frontpage, when using 1.3.29 (which works flawlessly) you see this in the access log: 216.127.136.116 - - [27/May/2004:14:25:01 -0400] "GET /_vti_inf.html HTTP/1.1" 200 1754 216.127.136.116 - - [27/May/2004:14:25:01 - 0400] "POST /_vti_bin/shtml.exe/_vti_rpc HTTP/1.1" 200 240 216.127.136.116 - - [27/May/2004:14:25:01 - 0400] "POST /_vti_bin/_vti_aut/author.exe HTTP/1.1" 401 480 216.127.136.116 - spagma [27/May/2004:14:25:05 - 0400] "POST /_vti_bin/_vti_aut/author.exe HTTP/1.1" 200 2481 When using apache 1.3.31, I get this: 16.127.136.116 - - [27/May/2004:14:00:00 -0400] "OPTIONS / HTTP/1.1" 200 - 216.127.136.116 - - [27/May/2004:14:00:00 -0400] "GET /_vti_inf.html HTTP/1.1" 200 1754 216.127.136.116 - - [27/May/2004:14:00:00 - 0400] "POST /_vti_bin/shtml.exe/_vti_rpc HTTP/1.1" 200 240 216.127.136.116 - - [27/May/2004:14:00:00 - 0400] "POST /_vti_bin/_vti_aut/author.exe HTTP/1.1" 401 480 216.127.136.116 - - [27/May/2004:14:00:00 -0400] "method=open+service%3a4%2e0% 2e2%2e4715&service%5fname=%2f" 501 - And in the error log: [Thu May 27 13:32:06 2004] [error] [client 216.127.136.116] Invalid method in request method=open+service%3a4%2e0%2e2%2e4715&service%5fname=%2 Not being an expert on the apache code, I would assume this has something to do with the fact that the frontpage auth packets have a <CRLF><CRLF> in the middle of the header, and thus apache is seeing the rest of the header as a new request. I'm assuming you guys were addressing a potential security issue, or whatnot. All I know is the DSO works on 1.3.29 and not 1.3.31, and since I like your software so much I thought I'd pass it along, so hopefully it can be addressed in a later build. Thanks! --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
