Flaw in HTTP-Authentication in O'Reilly Website Pro

From: BarKode (bkat_private)
Date: Thu Apr 23 1998 - 20:14:02 PDT


    Greetings...
    
    I went to download a file I'd stashed away on a machine at work
    running Website Pro 1.1h, with HTTP-Authentication required to
    access the site at all.  I mistyped the name and to my astonishment
    got a 404 error. This only surprised me because I had just started
    the browser, and had not yet been prompted for a username and
    password (Authentication-basic style).
    
    Problem: You can remotely check for existence of files and
    directory structures on a machine running Web Site Pro 1.1.
    
    Observe: Here we will try to access index.html, a file which exists on
    the protected host.
    thunder:~$ telnet protected.host.com 80
    Trying 1.2.3.4...
    Connected to protected.host.com.
    Escape character is '^]'.
    GET / HTTP/1.0
    
    HTTP/1.0 401 Unauthorized
    Date: Fri, 24 Apr 1998 09:33:46 GMT
    Server: WebSitePro/1.1h
    Accept-ranges: bytes
    WWW-Authenticate: Basic realm="Web Server"
    Content-length: 156
    
    <HTML><HEAD><TITLE>Authorization Required</TITLE></HEAD>
    <BODY><H1>Authorization Required</H1>
    Authentication (Basic) failed or was missing.
    </BODY></HTML>
    Connection closed by foreign host.
    
    ******
    
    Now we try to access a file that does *not* exist.
    
    thunder:~$ telnet protected.host.com 80
    Trying 1.2.3.4...
    Connected to protected.host.com.
    Escape character is '^]'.
    GET /nothere.html HTTP/1.0
    
    HTTP/1.0 404 Not Found
    Date: Fri, 24 Apr 1998 09:35:42 GMT
    Server: WebSitePro/1.1h
    Accept-ranges: bytes
    Content-type: text/html
    Content-length: 207
    
    <HTML><HEAD><TITLE>404 Not Found</TITLE></HEAD>
    <BODY><H1>404 Not Found</H1>
    The requested URL was not found on this
    server:<P><CODE>/nothere.html<P>(C:/WebS
    ite/htdocs/nothere.html)</CODE><P> </BODY></HTML>
    Connection closed by foreign host.
    
    *****
    
    No mention whatsoever of Authentication; the server spewed forth a
    404 document, gleefully stating the file we want isn't there. The
    same situation posed under Apache 1.2.5 returns a '401 Unauthorized'
    in either situation.
    
    Contacted O'Reilly, awaiting response....
    
    -Matt
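
Added example, not part of the original post and not O'Reilly's code: a minimal Python model of the two orderings the message contrasts, with a regression check that flags a handler whose unauthenticated response depends on whether the path exists. The document root, the account and all function names are constructed for illustration, and the lookup-before-authentication order is an assumption about how the 404 arises.

```python
import base64
import hmac

# Constructed sample data (assumption): one file in the docroot, one account.
DOCROOT = {"/index.html": b"<html>home</html>"}
USERS = {"matt": "s3cret"}
CHALLENGE = {"WWW-Authenticate": 'Basic realm="Web Server"'}

def basic(user, password):
    """Build an Authorization header for Basic authentication."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return {"Authorization": "Basic " + token}

def authorized(headers):
    """True only for a well-formed Basic header with a known user and password."""
    scheme, _, blob = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "basic":
        return False
    try:
        user, _, pw = base64.b64decode(blob, validate=True).decode().partition(":")
    except ValueError:  # bad base64 or bad UTF-8
        return False
    return user in USERS and hmac.compare_digest(USERS[user].encode(), pw.encode())

def find(path):
    """Map a request path to file contents, or None if it does not exist."""
    return DOCROOT.get("/index.html" if path == "/" else path)

def lookup_first(path, headers):
    """Order matching the transcripts: the file lookup runs before the auth check."""
    body = find(path)
    if body is None:
        return 404, {}, b"Not Found"
    if not authorized(headers):
        return 401, CHALLENGE, b"Authorization Required"
    return 200, {}, body

def auth_first(path, headers):
    """Credentials are verified before the path is examined at all."""
    if not authorized(headers):
        return 401, CHALLENGE, b"Authorization Required"
    body = find(path)
    return (404, {}, b"Not Found") if body is None else (200, {}, body)

def leaks_existence(handler, present="/", absent="/nothere.html"):
    """Regression check: without credentials, both paths must answer identically."""
    return handler(present, {}) != handler(absent, {})

if __name__ == "__main__":
    for h in (lookup_first, auth_first):
        print(h.__name__, "leaks existence:", leaks_existence(h))
```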
    


