With 'ProxyErrorOverride On', mod_proxy incorrectly fails to pass the WWW-
Authenticate header through to the client on 401 responses from the origin 
server.

It seems the problem is that ap_send_error_response() clears 
r->headers_out, while ap_proxy_http_process_response() does not copy 
the WWW-Authenticate header into r->err_headers_out.

A patch which fixes this follows.

(Note re the second passage of the patch: If we don't discard the request body 
that accompanied the 401 response, it is still there on the socket when auth 
succeeds... and is therefore prepended, in it's raw chunked glory, when the 
actual content page from the origin server is served to the client.  Thus we 
must discard the request body prior to exiting from 
ap_proxy_http_process_response() on 401 responses with ProxyErrorOverride On.

Note that this patch appears to correct the problem, but has NOT yet received 
extensive testing.

*** modules/proxy/proxy_http.c.orig     Thu Sep 19 14:47:51 2002
--- modules/proxy/proxy_http.c  Thu Sep 19 17:38:36 2002
***************
*** 863,868 ****
--- 863,879 ----
              }
          }
  
+       if ((r->status == 401) && (conf->error_override != 0)) {
+           const char *buf;
+           const char *wa = "WWW-Authenticate";
+           if (buf = apr_table_get(r->headers_out, wa)) {
+               apr_table_set(r->err_headers_out, wa, buf);
+           } else {
+               ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
+                            "proxy: origin server sent 401 without w-a 
header");
+           }
+       }
+ 
          r->sent_bodyct = 1;
          /* Is it an HTTP/0.9 response? If so, send the extra data */
          if (backasswards) {
***************
*** 969,974 ****
--- 980,986 ----
               */
              int status = r->status;
              r->status = HTTP_OK;
+           ap_discard_request_body(rp);
              return status;
          }
      } else