Mailing List Archive: Apache: Users

HTTP OPTIONS and auth issues

Index | Next | Previous | View Threaded

John.DAusilio at mlp

Feb 14, 2008, 9:55 AM

Post #1 of 5 (227 views)
Permalink

HTTP OPTIONS and auth issues

I've got a tomcat app with apache (2.2) in front of it. Apache handles
the auth through LDAP and requires membership in a specific group. One
of the app features allows the user to generate an csv file from some
data and download it. When this download fires with an IE client, the
browser also issues an HTTP OPTIONS request against / which fails with a
401 and pops the auth dialog again. Users can just cancel that dialog
and proceed, but I'd rather it didn't appear at all! Is there some way
to configure apache to route OPTIONS requests to the bit-bucket? Is it
Apache or really Tomcat that's generating the 401? Any hints/clues
appreciated!

jd

######################################################################
The information contained in this communication is confidential and
may contain information that is privileged or exempt from disclosure
under applicable law. If you are not a named addressee, please notify
the sender immediately and delete this email from your system.
If you have received this communication, and are not a named
recipient, you are hereby notified that any dissemination,
distribution or copying of this communication is strictly prohibited.
######################################################################

John.DAusilio at mlp

Feb 14, 2008, 10:10 AM

Post #2 of 5 (194 views)
Permalink

RE: HTTP OPTIONS and auth issues [In reply to]

Should also mention .. the OPTIONS request comes in *without* a user,
hence the 401 ..

====

I've got a tomcat app with apache (2.2) in front of it. Apache handles
the auth through LDAP and requires membership in a specific group. One
of the app features allows the user to generate an csv file from some
data and download it. When this download fires with an IE client, the
browser also issues an HTTP OPTIONS request against / which fails with a
401 and pops the auth dialog again. Users can just cancel that dialog
and proceed, but I'd rather it didn't appear at all! Is there some way
to configure apache to route OPTIONS requests to the bit-bucket? Is it
Apache or really Tomcat that's generating the 401? Any hints/clues
appreciated!

jd

######################################################################
The information contained in this communication is confidential and
may contain information that is privileged or exempt from disclosure
under applicable law. If you are not a named addressee, please notify
the sender immediately and delete this email from your system.
If you have received this communication, and are not a named
recipient, you are hereby notified that any dissemination,
distribution or copying of this communication is strictly prohibited.
######################################################################

joshua at slive

Feb 14, 2008, 10:29 AM

Post #3 of 5 (196 views)
Permalink

Re: HTTP OPTIONS and auth issues [In reply to]

On Thu, Feb 14, 2008 at 12:55 PM, D'Ausilio, John <John.DAusilio[at]mlp.com> wrote:
>
>
>
>
> I've got a tomcat app with apache (2.2) in front of it. Apache handles the
> auth through LDAP and requires membership in a specific group. One of the
> app features allows the user to generate an csv file from some data and
> download it. When this download fires with an IE client, the browser also
> issues an HTTP OPTIONS request against / which fails with a 401 and pops the
> auth dialog again. Users can just cancel that dialog and proceed, but I'd
> rather it didn't appear at all! Is there some way to configure apache to
> route OPTIONS requests to the bit-bucket? Is it Apache or really Tomcat
> that's generating the 401? Any hints/clues appreciated!

You could try wrapping your auth directives in a <LimitExcept OPTIONS>
... </LimitExcept>.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe[at]httpd.apache.org
" from the digest: users-digest-unsubscribe[at]httpd.apache.org
For additional commands, e-mail: users-help[at]httpd.apache.org

John.DAusilio at mlp

Feb 14, 2008, 10:40 AM

Post #4 of 5 (195 views)
Permalink

RE: HTTP OPTIONS and auth issues [In reply to]

Excellent! Works like a charm! Thanks kindly!!

jd

-----Original Message-----
From: jslive[at]gmail.com [mailto:jslive[at]gmail.com] On Behalf Of Joshua
Slive
Sent: Thursday, February 14, 2008 1:29 PM
To: users[at]httpd.apache.org
Subject: Re: [users[at]httpd] HTTP OPTIONS and auth issues

On Thu, Feb 14, 2008 at 12:55 PM, D'Ausilio, John
<John.DAusilio[at]mlp.com> wrote:
>
>
>
>
> I've got a tomcat app with apache (2.2) in front of it. Apache handles
the
> auth through LDAP and requires membership in a specific group. One of
the
> app features allows the user to generate an csv file from some data
and
> download it. When this download fires with an IE client, the browser
also
> issues an HTTP OPTIONS request against / which fails with a 401 and
pops the
> auth dialog again. Users can just cancel that dialog and proceed, but
I'd
> rather it didn't appear at all! Is there some way to configure apache
to
> route OPTIONS requests to the bit-bucket? Is it Apache or really
Tomcat
> that's generating the 401? Any hints/clues appreciated!

You could try wrapping your auth directives in a <LimitExcept OPTIONS>
... </LimitExcept>.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server
Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe[at]httpd.apache.org
" from the digest: users-digest-unsubscribe[at]httpd.apache.org
For additional commands, e-mail: users-help[at]httpd.apache.org

######################################################################
The information contained in this communication is confidential and
may contain information that is privileged or exempt from disclosure
under applicable law. If you are not a named addressee, please notify
the sender immediately and delete this email from your system.
If you have received this communication, and are not a named
recipient, you are hereby notified that any dissemination,
distribution or copying of this communication is strictly prohibited.
######################################################################

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe[at]httpd.apache.org
" from the digest: users-digest-unsubscribe[at]httpd.apache.org
For additional commands, e-mail: users-help[at]httpd.apache.org

nick at webthing

Feb 14, 2008, 3:37 PM

Post #5 of 5 (196 views)
Permalink

Re: RE: HTTP OPTIONS and auth issues [In reply to]

On Thu, 14 Feb 2008 13:10:55 -0500
"D'Ausilio, John" <John.DAusilio[at]mlp.com> wrote:

> Should also mention .. the OPTIONS request comes in *without* a user,
> hence the 401 ..

Why not just <Limit Options>, and either unconditionally allow it
or return a canned response?

--
Nick Kew

Application Development with Apache - the Apache Modules Book
http://www.apachetutor.org/

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe[at]httpd.apache.org
" from the digest: users-digest-unsubscribe[at]httpd.apache.org
For additional commands, e-mail: users-help[at]httpd.apache.org

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact lists@gossamer-threads.com