Actually there is much bigger bugs in design here..
proxy authentication is a hop-by-hop header, and is not allowed to be
blindly forwarded as it is today. For proper operation there should be
cache_peer options for forwarding of this header, and a global option
for accelerators (default on).
The logic with looking at if the header was used or not is quite
dangerous.
/Henrik
Robert Collins wrote:
>
> In aclMatchAcl, for the ACL_PROXY_AUTH and ...REGEX cases, we set
> r->flags.used_proxy_auth. We set this even if we are runnning
> auth_on_acceleration and the header we used was the Authorisation header
> instead of the proxy_auth header. I think the r->flags.used_proxy_auth =1
> line should in the code block where the header is actually used. However I
> haven't looked through all the code that checks the flags....
>
> Rob
Received on Fri Nov 10 2000 - 02:02:29 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:12:57 MST