https://bz.apache.org/bugzilla/show_bug.cgi?id=59237
Bug ID: 59237
Summary: http2 breaks external auth after a few successful
requests
Product: Apache httpd-2
Version: 2.4.18
Hardware: PC
OS: Linux
Status: NEW
Severity: critical
Priority: P2
Component: mod_http2
Assignee: [email protected]
Reporter: [email protected]
I have found that when using HTTP2 in Apache 2.4.18 mod_authnz_external will
break after a few (5-20) requests* even though it worked fine for those first
ones. Suddenly some request is unauth. 401 and re-auth does not work anymore
(using correct password!). Tested using Opera and Firefox. It does not happen
when using HTTP1.1 (disable in Apache or use IE) or when using Apache builtin
auth (e.g. Digest). It appears to happen when a lot of requests are made by the
browser (maybe additional h2 streams are opened or some other pipelining
causing race conditions?).
Protocols h2 http/1.1 # h2 breaks ext. auth - http1.1 OR builtin auth
digest works
DefineExternalAuth unixuser pipe /usr/sbin/pwauth
AuthType Basic
AuthName blah
AuthBasicProvider external
AuthExternal unixuser
Require valid-user
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
