Greetings... I went to download a file I'd stashed away on a machine at work running Website Pro 1.1h, with HTTP-Authentication required to access the site at all. I mistyped the name and to my astonishment got a 404 error. This only surprised me because I had just started the browser, and had not yet been prompted for a username and password (Authentication-basic style). Problem: You can remotely check for existence of files and directory structures on a machine running Web Site Pro 1.1. Observe: Here we will try to access index.html, a file which exists on the protected host. thunder:~$ telnet protected.host.com 80 Trying 1.2.3.4... Connected to protected.host.com. Escape character is '^]'. GET / HTTP/1.0 HTTP/1.0 401 Unauthorized Date: Fri, 24 Apr 1998 09:33:46 GMT Server: WebSitePro/1.1h Accept-ranges: bytes WWW-Authenticate: Basic realm="Web Server" Content-length: 156 <HTML><HEAD><TITLE>Authorization Required</TITLE></HEAD> <BODY><H1>Authorization Required</H1> Authentication (Basic) failed or was missing. </BODY></HTML> Connection closed by foreign host. ****** Now we try to access a file that does *not* exist. thunder:~$ telnet protected.host.com 80 Trying 1.2.3.4... Connected to protected.host.com. Escape character is '^]'. GET /nothere.html HTTP/1.0 HTTP/1.0 404 Not Found Date: Fri, 24 Apr 1998 09:35:42 GMT Server: WebSitePro/1.1h Accept-ranges: bytes Content-type: text/html Content-length: 207 <HTML><HEAD><TITLE>404 Not Found</TITLE></HEAD> <BODY><H1>404 Not Found</H1> The requested URL was not found on this server:<P><CODE>/nothere.html<P>(C:/WebS ite/htdocs/nothere.html)</CODE><P> </BODY></HTML> Connection closed by foreign host. ***** No mention whatsoever of Authentication, the server spewed forth a 404 document, gleefully stating the file we want isn't there. The same situation posed under Apache 1.2.5 returns a '401 Unauthorized' in either situation. Contacted O'Reilly, awaiting response.... -Matt
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:51:08 PDT