Angel Vera wrote: > I did some research and people reported a problem with mod_jk 1.2.24, but > they said it was going to be fixed in 1.2.25, I am using 1.2.26 and I am > still experiencing the same problem. > > I can directly access tomcat 'manager' application and I get prompted, but > when I try to access the application through apache2, I never get prompted > and I can see in the mod_jk log: > > [Fri Sep 05 07:56:20 2008] [22723:3067476880] [info] jk_handler::mod_jk.c > (2341): No body with status=401 for worker=ajp13 > > I am using: > > Apache/2.2.8 > mod_jk 1.2.26, and > ModSecurity for Apache/2.5.5
Hi all, This was sent to the tomcat users list, but it seems now more appropriate for the dev list. Basically, I found that mod_jk is sending only a FLUSH bucket after the response body is sent. ModSecurity is waiting for a EOS bucket, but never gets it. For some as-of-yet unknonwn reason httpd issues the default (compiled in) "401 Unauthorized" response when this happens. This looses the WWW-Authentication header and thus no prompt for authentication. While it seems that the use of ModSecurity (an output filter that must buffer all data) causes this to happen, it is still not clear whether it is a mod_jk issue or a mod_security2 issue. Why would an EOS bucket never be received from mod_jk by an output filter? Is there a way to avoid this in the config? Please see the ModSecurity ticket for more details: https://www.modsecurity.org/tracker/browse/MODSEC-16 thanks, -B -- Brian Rectanus ModSecurity Developer --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
