When using digest authentication, a URL request including a query_string is not handled properly. Apache returns: Bad Request Your browser sent a request that this server could not understand. The error log contains a message like: Digest: uri mismatch - </mysite/test.htm> does not match request-uri </mysite/test.htm?something> When disabling digest authentication it works as expected. Regards, Henk.
This is a known bug in MSIE. See, for example, http://www.apacheweek.com/issues/02-12-20#dev It is even documented in apache: http://httpd.apache.org/docs-2.0/mod/mod_auth_digest.html#using There is a patch to hack-around the MSIE bug: http://marc.theaimsgroup.com/?l=apache-httpd-dev&m=105510860505665&w=2 But there was never a developer concensus on whether patching around MSIE's problems was a good idea. I'll leave this bug open to see if anyone's opinion has changed. I personally think the work-around is a good idea.
I think it would be a good idea to provide msie support here if msie 6 is still broken. that said, I'm not too sure that I like the proposed patch. it's fine, but I feel in my gut that we shouldn't be messing with the digest algorithm proper - there's nothing to protect against a mismatched query string in this case, even though it's still important. but I like the BrowserMatch approach I think the solution I'd rather see is constructing the compared uri from uri+query if the hack is set, keeping the query as part of the comparison. I'll work on an alternative patch and move the discussion to httpd-dev if there is some consensus that my approach has merit.
solution applied to 2.1, pending review for backport to 2.0 http://marc.theaimsgroup.com/?l=apache-cvs&m=108005027128025&w=2
commited to 2.0.51-dev.