54280 – mod_auth_form inline login not working with trailing-slash URL

Bug 54280 - mod_auth_form inline login not working with trailing-slash URL

Summary: mod_auth_form inline login not working with trailing-slash URL

Status:	NEW

Alias:	None

Product:	Apache httpd-2
Classification:	Unclassified
Component:	mod_auth_form (show other bugs)
Version:	2.4.3
Hardware:	PC Linux

Importance:	P2 normal (vote)
Target Milestone:	---
Assignee:	Apache HTTPD Bugs Mailing List

URL:
Keywords:

Depends on:
Blocks:

Reported:	2012-12-11 16:51 UTC by Lisa Penninger
Modified:	2017-09-08 22:01 UTC (History)
CC List:	2 users (show)

Attachments
httpd conf file for test case, put in /etc/httpd/conf.d or equiv. (806 bytes, text/plain) 2013-05-17 14:48 UTC, David Mansfield	Details
start page for test case. put in /var/www/form_auth_test (273 bytes, text/html) 2013-05-17 14:50 UTC, David Mansfield	Details
login form generator - can't see POST data. put in /var/www/form_auth_test_cgi (216 bytes, text/plain) 2013-05-17 14:51 UTC, David Mansfield	Details
alternative login handler using mod_include. put in /var/www/form_auth_test (47 bytes, text/plain) 2013-05-17 14:52 UTC, David Mansfield	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Lisa Penninger 2012-12-11 16:51:01 UTC

I'm using Apache 2.4.3, and I have mod_auth_form set up to use inline login, authenticate with LDAP and create a session cookie, and it's not working for trailing-slash URLs. I have verified that the bug also occurs in 2.5 trunk. Here is my configuration (sensitive info obscured):

	<Directory /usr/local/www/testfolder>
		Options +Indexes
		AllowOverride None
		Order allow,deny
		Allow from all
		ErrorDocument 401 /public/webapi/login/login.shtml
		AuthType form
		AuthFormProvider ldap
		AuthFormUsername userLogin
		AuthFormPassword userPassword
		AuthName "Test Login"
		AuthLDAPURL XXX
		AuthLDAPBindDN XXX
		AuthLDAPBindPassword XXX
               Session On
               SessionCookieName session path=/
		Require valid-user
	</Directory>

I have two situations:

   1) Clear all cookies. Access any URL under /testfolder that does not have a trailing slash (e.g., /testfolder), and authenticate. Authentication works and the cookie is created, and everything, including trailing-slash URLs, will now work as long as the session is valid. (SUCCESS)

   2) Clear all cookies. Access any URL under /testfolder ending in a trailing slash (e.g., /testfolder/). Authentication works and the cookie is created, but the server returns 404. (FAILURE!)

I feel that things must be set up correctly, since everything works if you already have a cookie. Could this be a bug?  The logs for the two requests look the same up until authentication occurs, where we see in case 1:

   [Fri Dec 07 16:55:18.242765 2012] [core:trace3] [pid 14004:tid 139641886463744] request.c(311): [client 10.20.20.3:55349] fixups hook gave 301: /testfolder, referer: https://trails01.clinipace.net:8443/testfolder
   [Fri Dec 07 16:55:18.242782 2012] [auth_form:trace6] [pid 14004:tid 139641886463744] mod_auth_form.c(531): [client 10.20.20.3:55349] from notes: user: (null), pw: (null), method: (null), mimetype: (null), referer: https://trails01.clinipace.net:8443/testfolder
   [Fri Dec 07 16:55:18.242855 2012] [authnz_ldap:debug] [pid 14004:tid 139641886463744] mod_authnz_ldap.c(501): [client 10.20.20.3:55349] AH01691: auth_ldap authenticate: using URL XXX
   [Fri Dec 07 16:55:18.242877 2012] [authnz_ldap:trace1] [pid 14004:tid 139641886463744] mod_authnz_ldap.c(522): [client 10.20.20.3:55349] auth_ldap authenticate: final authn filter is XXX
   [Fri Dec 07 16:55:18.242931 2012] [authnz_ldap:debug] [pid 14004:tid 139641886463744] mod_authnz_ldap.c(593): [client 10.20.20.3:55349] AH01697: auth_ldap authenticate: accepting lpenninger, referer: https://trails01.clinipace.net:8443/testfolder
   [Fri Dec 07 16:55:18.242945 2012] [authz_core:debug] [pid 14004:tid 139641886463744] mod_authz_core.c(802): [client 10.20.20.3:55349] AH01626: authorization result of Require valid-user : granted, referer: https://trails01.clinipace.net:8443/testfolder
   [Fri Dec 07 16:55:18.242949 2012] [authz_core:debug] [pid 14004:tid 139641886463744] mod_authz_core.c(802): [client 10.20.20.3:55349] AH01626: authorization result of <RequireAny>: granted, referer: https://trails01.clinipace.net:8443/testfolder
   [Fri Dec 07 16:55:18.243001 2012] [core:trace3] [pid 14004:tid 139641886463744] request.c(311): [client 10.20.20.3:55349] fixups hook gave 301: /testfolder, referer: https://trails01.clinipace.net:8443/testfolder
   [Fri Dec 07 16:55:18.243097 2012] [core:debug] [pid 14004:tid 139641886463744] util_cookies.c(59): [client 10.20.20.3:55349] AH00007: ap_cookie: user 'lpenninger' set cookie: 'session=Test+Login-user=lpenninger&Test+Login-pw=XXX;path=/', referer: https://trails01.clinipace.net:8443/testfolder
   [Fri Dec 07 16:55:18.243121 2012] [http:trace3] [pid 14004:tid 139641886463744] http_filters.c(963): [client 10.20.20.3:55349] Response sent with status 301, headers:, referer: https://trails01.clinipace.net:8443/testfolder

while case 2 logs:

   [Fri Dec 07 16:53:14.105324 2012] [auth_form:trace6] [pid 14003:tid 139641911641856] mod_auth_form.c(531): [client 10.20.20.3:55316] from notes: user: (null), pw: (null), method: (null), mimetype: (null), referer: https://trails01.clinipace.net:8443/testfolder/
   [Fri Dec 07 16:53:14.105396 2012] [authnz_ldap:debug] [pid 14003:tid 139641911641856] mod_authnz_ldap.c(501): [client 10.20.20.3:55316] AH01691: auth_ldap authenticate: using URL XXX/
   [Fri Dec 07 16:53:14.105421 2012] [authnz_ldap:trace1] [pid 14003:tid 139641911641856] mod_authnz_ldap.c(522): [client 10.20.20.3:55316] auth_ldap authenticate: final authn filter is XXX/
   [Fri Dec 07 16:53:14.105465 2012] [authnz_ldap:debug] [pid 14003:tid 139641911641856] mod_authnz_ldap.c(593): [client 10.20.20.3:55316] AH01697: auth_ldap authenticate: accepting lpenninger, referer: https://trails01.clinipace.net:8443/testfolder/
   [Fri Dec 07 16:53:14.105479 2012] [authz_core:debug] [pid 14003:tid 139641911641856] mod_authz_core.c(802): [client 10.20.20.3:55316] AH01626: authorization result of Require valid-user : granted, referer: https://trails01.clinipace.net:8443/testfolder/
   [Fri Dec 07 16:53:14.105483 2012] [authz_core:debug] [pid 14003:tid 139641911641856] mod_authz_core.c(802): [client 10.20.20.3:55316] AH01626: authorization result of <RequireAny>: granted, referer: https://trails01.clinipace.net:8443/testfolder/
   [Fri Dec 07 16:53:14.105547 2012] [core:info] [pid 14003:tid 139641911641856] [client 10.20.20.3:55316] AH00129: Attempt to serve directory: /usr/local/www/testfolder/, referer: https://trails01.clinipace.net:8443/testfolder/
   [Fri Dec 07 16:53:14.105574 2012] [core:debug] [pid 14003:tid 139641911641856] util_cookies.c(59): [client 10.20.20.3:55316] AH00007: ap_cookie: user 'lpenninger' set cookie: 'session=Test+Login-user=lpenninger&Test+Login-pw=XXX;path=/', referer: https://trails01.clinipace.net:8443/testfolder/
   [Fri Dec 07 16:53:14.105590 2012] [http:trace3] [pid 14003:tid 139641911641856] http_filters.c(963): [client 10.20.20.3:55316] Response sent with status 404, headers:, referer: https://trails01.clinipace.net:8443/testfolder/

Thanks for any suggestions,
Lisa

PS
The complete logs are here:

SUCCESS, case 1:
[Fri Dec 07 16:55:11.324765 2012] [core:trace5] [pid 14763:tid 139641911641856] protocol.c(626): [client 10.20.20.3:55348] Request received from client: GET /testfolder HTTP/1.1
[Fri Dec 07 16:55:11.324895 2012] [http:trace4] [pid 14763:tid 139641911641856] http_request.c(301): [client 10.20.20.3:55348] Headers received from client:
[Fri Dec 07 16:55:11.324905 2012] [http:trace4] [pid 14763:tid 139641911641856] http_request.c(305): [client 10.20.20.3:55348]   Host: trails01.clinipace.net:8443
[Fri Dec 07 16:55:11.324909 2012] [http:trace4] [pid 14763:tid 139641911641856] http_request.c(305): [client 10.20.20.3:55348]   User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:16.0) Gecko/20100101 Firefox/16.0
[Fri Dec 07 16:55:11.324912 2012] [http:trace4] [pid 14763:tid 139641911641856] http_request.c(305): [client 10.20.20.3:55348]   Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
[Fri Dec 07 16:55:11.324916 2012] [http:trace4] [pid 14763:tid 139641911641856] http_request.c(305): [client 10.20.20.3:55348]   Accept-Language: en-US,en;q=0.5
[Fri Dec 07 16:55:11.324919 2012] [http:trace4] [pid 14763:tid 139641911641856] http_request.c(305): [client 10.20.20.3:55348]   Accept-Encoding: gzip, deflate
[Fri Dec 07 16:55:11.324922 2012] [http:trace4] [pid 14763:tid 139641911641856] http_request.c(305): [client 10.20.20.3:55348]   Connection: keep-alive
[Fri Dec 07 16:55:11.324966 2012] [rewrite:trace2] [pid 14763:tid 139641911641856] mod_rewrite.c(468): [client 10.20.20.3:55348] 10.20.20.3 - - [trails01.clinipace.net/sid#12b0370][rid#13ce710/initial] init rewrite engine with requested uri /testfolder
[Fri Dec 07 16:55:11.324980 2012] [rewrite:trace3] [pid 14763:tid 139641911641856] mod_rewrite.c(468): [client 10.20.20.3:55348] 10.20.20.3 - - [trails01.clinipace.net/sid#12b0370][rid#13ce710/initial] applying pattern '/public/.*' to uri '/testfolder'
[Fri Dec 07 16:55:11.324989 2012] [rewrite:trace1] [pid 14763:tid 139641911641856] mod_rewrite.c(468): [client 10.20.20.3:55348] 10.20.20.3 - - [trails01.clinipace.net/sid#12b0370][rid#13ce710/initial] pass through /testfolder
[Fri Dec 07 16:55:11.325632 2012] [authz_core:debug] [pid 14763:tid 139641911641856] mod_authz_core.c(802): [client 10.20.20.3:55348] AH01626: authorization result of Require valid-user : denied (no authenticated user yet)
[Fri Dec 07 16:55:11.325646 2012] [authz_core:debug] [pid 14763:tid 139641911641856] mod_authz_core.c(802): [client 10.20.20.3:55348] AH01626: authorization result of <RequireAny>: denied (no authenticated user yet)
[Fri Dec 07 16:55:11.325659 2012] [auth_form:trace6] [pid 14763:tid 139641911641856] mod_auth_form.c(531): [client 10.20.20.3:55348] from notes: user: (null), pw: (null), method: (null), mimetype: (null)
[Fri Dec 07 16:55:11.325694 2012] [auth_form:trace2] [pid 14763:tid 139641911641856] mod_auth_form.c(592): [client 10.20.20.3:55348] from session: user: (null), pw: (null), site: (null)
[Fri Dec 07 16:55:11.325702 2012] [core:trace3] [pid 14763:tid 139641911641856] request.c(116): [client 10.20.20.3:55348] auth phase 'check user' gave status 401: /testfolder
[Fri Dec 07 16:55:11.325725 2012] [rewrite:trace2] [pid 14763:tid 139641911641856] mod_rewrite.c(468): [client 10.20.20.3:55348] 10.20.20.3 - - [trails01.clinipace.net/sid#12b0370][rid#13ea5c0/initial/redir#1] init rewrite engine with requested uri /public/webapi/login/login.shtml
[Fri Dec 07 16:55:11.325737 2012] [rewrite:trace3] [pid 14763:tid 139641911641856] mod_rewrite.c(468): [client 10.20.20.3:55348] 10.20.20.3 - - [trails01.clinipace.net/sid#12b0370][rid#13ea5c0/initial/redir#1] applying pattern '/public/.*' to uri '/public/webapi/login/login.shtml'
[Fri Dec 07 16:55:11.325758 2012] [rewrite:trace1] [pid 14763:tid 139641911641856] mod_rewrite.c(468): [client 10.20.20.3:55348] 10.20.20.3 - - [trails01.clinipace.net/sid#12b0370][rid#13ea5c0/initial/redir#1] pass through /public/webapi/login/login.shtml
[Fri Dec 07 16:55:11.327295 2012] [core:trace3] [pid 14763:tid 139641911641856] request.c(267): [client 10.20.20.3:55348] request authorized without authentication by access_checker hook and 'Satisfy any': /public/webapi/login/login.shtml
[Fri Dec 07 16:55:11.328080 2012] [http:trace3] [pid 14763:tid 139641911641856] http_filters.c(963): [client 10.20.20.3:55348] Response sent with status 401, headers:
[Fri Dec 07 16:55:11.328093 2012] [http:trace5] [pid 14763:tid 139641911641856] http_filters.c(970): [client 10.20.20.3:55348]   Date: Fri, 07 Dec 2012 21:55:11 GMT
[Fri Dec 07 16:55:11.328097 2012] [http:trace5] [pid 14763:tid 139641911641856] http_filters.c(973): [client 10.20.20.3:55348]   Server: Apache/2.5.0-dev (Unix) OpenSSL/0.9.8k
[Fri Dec 07 16:55:11.328102 2012] [http:trace4] [pid 14763:tid 139641911641856] http_filters.c(806): [client 10.20.20.3:55348]   Cache-Control: no-store
[Fri Dec 07 16:55:11.328108 2012] [http:trace4] [pid 14763:tid 139641911641856] http_filters.c(806): [client 10.20.20.3:55348]   Last-Modified: Fri, 07 Dec 2012 20:22:12 GMT
[Fri Dec 07 16:55:11.328111 2012] [http:trace4] [pid 14763:tid 139641911641856] http_filters.c(806): [client 10.20.20.3:55348]   ETag: \\"651-4d048f87f6e88\\"
[Fri Dec 07 16:55:11.328114 2012] [http:trace4] [pid 14763:tid 139641911641856] http_filters.c(806): [client 10.20.20.3:55348]   Accept-Ranges: bytes
[Fri Dec 07 16:55:11.328118 2012] [http:trace4] [pid 14763:tid 139641911641856] http_filters.c(806): [client 10.20.20.3:55348]   Content-Length: 1617
[Fri Dec 07 16:55:11.328121 2012] [http:trace4] [pid 14763:tid 139641911641856] http_filters.c(806): [client 10.20.20.3:55348]   Keep-Alive: timeout=5, max=100
[Fri Dec 07 16:55:11.328124 2012] [http:trace4] [pid 14763:tid 139641911641856] http_filters.c(806): [client 10.20.20.3:55348]   Connection: Keep-Alive
[Fri Dec 07 16:55:18.242406 2012] [core:trace5] [pid 14004:tid 139641886463744] protocol.c(626): [client 10.20.20.3:55349] Request received from client: POST /testfolder HTTP/1.1
[Fri Dec 07 16:55:18.242466 2012] [http:trace4] [pid 14004:tid 139641886463744] http_request.c(301): [client 10.20.20.3:55349] Headers received from client:, referer: https://trails01.clinipace.net:8443/testfolder
[Fri Dec 07 16:55:18.242472 2012] [http:trace4] [pid 14004:tid 139641886463744] http_request.c(305): [client 10.20.20.3:55349]   Host: trails01.clinipace.net:8443, referer: https://trails01.clinipace.net:8443/testfolder
[Fri Dec 07 16:55:18.242476 2012] [http:trace4] [pid 14004:tid 139641886463744] http_request.c(305): [client 10.20.20.3:55349]   User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:16.0) Gecko/20100101 Firefox/16.0, referer: https://trails01.clinipace.net:8443/testfolder
[Fri Dec 07 16:55:18.242480 2012] [http:trace4] [pid 14004:tid 139641886463744] http_request.c(305): [client 10.20.20.3:55349]   Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8, referer: https://trails01.clinipace.net:8443/testfolder
[Fri Dec 07 16:55:18.242484 2012] [http:trace4] [pid 14004:tid 139641886463744] http_request.c(305): [client 10.20.20.3:55349]   Accept-Language: en-US,en;q=0.5, referer: https://trails01.clinipace.net:8443/testfolder
[Fri Dec 07 16:55:18.242487 2012] [http:trace4] [pid 14004:tid 139641886463744] http_request.c(305): [client 10.20.20.3:55349]   Accept-Encoding: gzip, deflate, referer: https://trails01.clinipace.net:8443/testfolder
[Fri Dec 07 16:55:18.242501 2012] [http:trace4] [pid 14004:tid 139641886463744] http_request.c(305): [client 10.20.20.3:55349]   Connection: keep-alive, referer: https://trails01.clinipace.net:8443/testfolder
[Fri Dec 07 16:55:18.242505 2012] [http:trace4] [pid 14004:tid 139641886463744] http_request.c(305): [client 10.20.20.3:55349]   Referer: https://trails01.clinipace.net:8443/testfolder, referer: https://trails01.clinipace.net:8443/testfolder
[Fri Dec 07 16:55:18.242508 2012] [http:trace4] [pid 14004:tid 139641886463744] http_request.c(305): [client 10.20.20.3:55349]   Content-Type: application/x-www-form-urlencoded, referer: https://trails01.clinipace.net:8443/testfolder
[Fri Dec 07 16:55:18.242512 2012] [http:trace4] [pid 14004:tid 139641886463744] http_request.c(305): [client 10.20.20.3:55349]   Content-Length: 59, referer: https://trails01.clinipace.net:8443/testfolder
[Fri Dec 07 16:55:18.242530 2012] [rewrite:trace2] [pid 14004:tid 139641886463744] mod_rewrite.c(468): [client 10.20.20.3:55349] 10.20.20.3 - - [trails01.clinipace.net/sid#12b0370][rid#13e3360/initial] init rewrite engine with requested uri /testfolder, referer: https://trails01.clinipace.net:8443/testfolder
[Fri Dec 07 16:55:18.242538 2012] [rewrite:trace3] [pid 14004:tid 139641886463744] mod_rewrite.c(468): [client 10.20.20.3:55349] 10.20.20.3 - - [trails01.clinipace.net/sid#12b0370][rid#13e3360/initial] applying pattern '/public/.*' to uri '/testfolder', referer: https://trails01.clinipace.net:8443/testfolder
[Fri Dec 07 16:55:18.242544 2012] [rewrite:trace1] [pid 14004:tid 139641886463744] mod_rewrite.c(468): [client 10.20.20.3:55349] 10.20.20.3 - - [trails01.clinipace.net/sid#12b0370][rid#13e3360/initial] pass through /testfolder, referer: https://trails01.clinipace.net:8443/testfolder
[Fri Dec 07 16:55:18.242592 2012] [authz_core:debug] [pid 14004:tid 139641886463744] mod_authz_core.c(802): [client 10.20.20.3:55349] AH01626: authorization result of Require valid-user : denied (no authenticated user yet), referer: https://trails01.clinipace.net:8443/testfolder
[Fri Dec 07 16:55:18.242600 2012] [authz_core:debug] [pid 14004:tid 139641886463744] mod_authz_core.c(802): [client 10.20.20.3:55349] AH01626: authorization result of <RequireAny>: denied (no authenticated user yet), referer: https://trails01.clinipace.net:8443/testfolder
[Fri Dec 07 16:55:18.242608 2012] [auth_form:trace6] [pid 14004:tid 139641886463744] mod_auth_form.c(531): [client 10.20.20.3:55349] from notes: user: (null), pw: (null), method: (null), mimetype: (null), referer: https://trails01.clinipace.net:8443/testfolder
[Fri Dec 07 16:55:18.242616 2012] [auth_form:trace2] [pid 14004:tid 139641886463744] mod_auth_form.c(592): [client 10.20.20.3:55349] from session: user: (null), pw: (null), site: (null), referer: https://trails01.clinipace.net:8443/testfolder
[Fri Dec 07 16:55:18.242646 2012] [rewrite:trace2] [pid 14004:tid 139641886463744] mod_rewrite.c(468): [client 10.20.20.3:55349] 10.20.20.3 - - [trails01.clinipace.net/sid#12b0370][rid#13e5370/subreq] init rewrite engine with requested uri /testfolder, referer: https://trails01.clinipace.net:8443/testfolder
[Fri Dec 07 16:55:18.242658 2012] [rewrite:trace3] [pid 14004:tid 139641886463744] mod_rewrite.c(468): [client 10.20.20.3:55349] 10.20.20.3 - - [trails01.clinipace.net/sid#12b0370][rid#13e5370/subreq] applying pattern '/public/.*' to uri '/testfolder', referer: https://trails01.clinipace.net:8443/testfolder
[Fri Dec 07 16:55:18.242665 2012] [rewrite:trace1] [pid 14004:tid 139641886463744] mod_rewrite.c(468): [client 10.20.20.3:55349] 10.20.20.3 - - [trails01.clinipace.net/sid#12b0370][rid#13e5370/subreq] pass through /testfolder, referer: https://trails01.clinipace.net:8443/testfolder
[Fri Dec 07 16:55:18.242765 2012] [core:trace3] [pid 14004:tid 139641886463744] request.c(311): [client 10.20.20.3:55349] fixups hook gave 301: /testfolder, referer: https://trails01.clinipace.net:8443/testfolder
[Fri Dec 07 16:55:18.242782 2012] [auth_form:trace6] [pid 14004:tid 139641886463744] mod_auth_form.c(531): [client 10.20.20.3:55349] from notes: user: (null), pw: (null), method: (null), mimetype: (null), referer: https://trails01.clinipace.net:8443/testfolder
[Fri Dec 07 16:55:18.242855 2012] [authnz_ldap:debug] [pid 14004:tid 139641886463744] mod_authnz_ldap.c(501): [client 10.20.20.3:55349] AH01691: auth_ldap authenticate: using URL XXX
[Fri Dec 07 16:55:18.242877 2012] [authnz_ldap:trace1] [pid 14004:tid 139641886463744] mod_authnz_ldap.c(522): [client 10.20.20.3:55349] auth_ldap authenticate: final authn filter is XXX
[Fri Dec 07 16:55:18.242931 2012] [authnz_ldap:debug] [pid 14004:tid 139641886463744] mod_authnz_ldap.c(593): [client 10.20.20.3:55349] AH01697: auth_ldap authenticate: accepting lpenninger, referer: https://trails01.clinipace.net:8443/testfolder
[Fri Dec 07 16:55:18.242945 2012] [authz_core:debug] [pid 14004:tid 139641886463744] mod_authz_core.c(802): [client 10.20.20.3:55349] AH01626: authorization result of Require valid-user : granted, referer: https://trails01.clinipace.net:8443/testfolder
[Fri Dec 07 16:55:18.242949 2012] [authz_core:debug] [pid 14004:tid 139641886463744] mod_authz_core.c(802): [client 10.20.20.3:55349] AH01626: authorization result of <RequireAny>: granted, referer: https://trails01.clinipace.net:8443/testfolder
[Fri Dec 07 16:55:18.243001 2012] [core:trace3] [pid 14004:tid 139641886463744] request.c(311): [client 10.20.20.3:55349] fixups hook gave 301: /testfolder, referer: https://trails01.clinipace.net:8443/testfolder
[Fri Dec 07 16:55:18.243097 2012] [core:debug] [pid 14004:tid 139641886463744] util_cookies.c(59): [client 10.20.20.3:55349] AH00007: ap_cookie: user 'lpenninger' set cookie: 'session=Test+Login-user=lpenninger&Test+Login-pw=XXX;path=/', referer: https://trails01.clinipace.net:8443/testfolder
[Fri Dec 07 16:55:18.243121 2012] [http:trace3] [pid 14004:tid 139641886463744] http_filters.c(963): [client 10.20.20.3:55349] Response sent with status 301, headers:, referer: https://trails01.clinipace.net:8443/testfolder
[Fri Dec 07 16:55:18.243126 2012] [http:trace5] [pid 14004:tid 139641886463744] http_filters.c(970): [client 10.20.20.3:55349]   Date: Fri, 07 Dec 2012 21:55:18 GMT, referer: https://trails01.clinipace.net:8443/testfolder
[Fri Dec 07 16:55:18.243130 2012] [http:trace5] [pid 14004:tid 139641886463744] http_filters.c(973): [client 10.20.20.3:55349]   Server: Apache/2.5.0-dev (Unix) OpenSSL/0.9.8k, referer: https://trails01.clinipace.net:8443/testfolder
[Fri Dec 07 16:55:18.243134 2012] [http:trace4] [pid 14004:tid 139641886463744] http_filters.c(806): [client 10.20.20.3:55349]   Set-Cookie: session=Test+Login-user=lpenninger&Test+Login-pw=XXX;path=/, referer: https://trails01.clinipace.net:8443/testfolder
[Fri Dec 07 16:55:18.243138 2012] [http:trace4] [pid 14004:tid 139641886463744] http_filters.c(806): [client 10.20.20.3:55349]   Location: https://trails01.clinipace.net:8443/testfolder/, referer: https://trails01.clinipace.net:8443/testfolder
[Fri Dec 07 16:55:18.243141 2012] [http:trace4] [pid 14004:tid 139641886463744] http_filters.c(806): [client 10.20.20.3:55349]   Cache-Control: no-cache, referer: https://trails01.clinipace.net:8443/testfolder
[Fri Dec 07 16:55:18.243145 2012] [http:trace4] [pid 14004:tid 139641886463744] http_filters.c(806): [client 10.20.20.3:55349]   Set-Cookie: session=Test+Login-user=lpenninger&Test+Login-pw=XXX;path=/, referer: https://trails01.clinipace.net:8443/testfolder
[Fri Dec 07 16:55:18.243148 2012] [http:trace4] [pid 14004:tid 139641886463744] http_filters.c(806): [client 10.20.20.3:55349]   Content-Length: 255, referer: https://trails01.clinipace.net:8443/testfolder
[Fri Dec 07 16:55:18.243151 2012] [http:trace4] [pid 14004:tid 139641886463744] http_filters.c(806): [client 10.20.20.3:55349]   Keep-Alive: timeout=5, max=100, referer: https://trails01.clinipace.net:8443/testfolder
[Fri Dec 07 16:55:18.243161 2012] [http:trace4] [pid 14004:tid 139641886463744] http_filters.c(806): [client 10.20.20.3:55349]   Connection: Keep-Alive, referer: https://trails01.clinipace.net:8443/testfolder
[Fri Dec 07 16:55:18.243165 2012] [http:trace4] [pid 14004:tid 139641886463744] http_filters.c(806): [client 10.20.20.3:55349]   Content-Type: text/html; charset=iso-8859-1, referer: https://trails01.clinipace.net:8443/testfolder
[Fri Dec 07 16:55:18.353928 2012] [core:trace5] [pid 14004:tid 139641886463744] protocol.c(626): [client 10.20.20.3:55349] Request received from client: GET /testfolder/ HTTP/1.1
[Fri Dec 07 16:55:18.353964 2012] [http:trace4] [pid 14004:tid 139641886463744] http_request.c(301): [client 10.20.20.3:55349] Headers received from client:, referer: https://trails01.clinipace.net:8443/testfolder
[Fri Dec 07 16:55:18.353970 2012] [http:trace4] [pid 14004:tid 139641886463744] http_request.c(305): [client 10.20.20.3:55349]   Host: trails01.clinipace.net:8443, referer: https://trails01.clinipace.net:8443/testfolder
[Fri Dec 07 16:55:18.353974 2012] [http:trace4] [pid 14004:tid 139641886463744] http_request.c(305): [client 10.20.20.3:55349]   User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:16.0) Gecko/20100101 Firefox/16.0, referer: https://trails01.clinipace.net:8443/testfolder
[Fri Dec 07 16:55:18.353978 2012] [http:trace4] [pid 14004:tid 139641886463744] http_request.c(305): [client 10.20.20.3:55349]   Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8, referer: https://trails01.clinipace.net:8443/testfolder
[Fri Dec 07 16:55:18.353982 2012] [http:trace4] [pid 14004:tid 139641886463744] http_request.c(305): [client 10.20.20.3:55349]   Accept-Language: en-US,en;q=0.5, referer: https://trails01.clinipace.net:8443/testfolder
[Fri Dec 07 16:55:18.353985 2012] [http:trace4] [pid 14004:tid 139641886463744] http_request.c(305): [client 10.20.20.3:55349]   Accept-Encoding: gzip, deflate, referer: https://trails01.clinipace.net:8443/testfolder
[Fri Dec 07 16:55:18.353988 2012] [http:trace4] [pid 14004:tid 139641886463744] http_request.c(305): [client 10.20.20.3:55349]   Connection: keep-alive, referer: https://trails01.clinipace.net:8443/testfolder
[Fri Dec 07 16:55:18.353992 2012] [http:trace4] [pid 14004:tid 139641886463744] http_request.c(305): [client 10.20.20.3:55349]   Referer: https://trails01.clinipace.net:8443/testfolder, referer: https://trails01.clinipace.net:8443/testfolder
[Fri Dec 07 16:55:18.353996 2012] [http:trace4] [pid 14004:tid 139641886463744] http_request.c(305): [client 10.20.20.3:55349]   Cookie: session=Test+Login-user=lpenninger&Test+Login-pw=XXX, referer: https://trails01.clinipace.net:8443/testfolder
[Fri Dec 07 16:55:18.354014 2012] [rewrite:trace2] [pid 14004:tid 139641886463744] mod_rewrite.c(468): [client 10.20.20.3:55349] 10.20.20.3 - - [trails01.clinipace.net/sid#12b0370][rid#13d0c60/initial] init rewrite engine with requested uri /testfolder/, referer: https://trails01.clinipace.net:8443/testfolder
[Fri Dec 07 16:55:18.354047 2012] [rewrite:trace3] [pid 14004:tid 139641886463744] mod_rewrite.c(468): [client 10.20.20.3:55349] 10.20.20.3 - - [trails01.clinipace.net/sid#12b0370][rid#13d0c60/initial] applying pattern '/public/.*' to uri '/testfolder/', referer: https://trails01.clinipace.net:8443/testfolder
[Fri Dec 07 16:55:18.354056 2012] [rewrite:trace1] [pid 14004:tid 139641886463744] mod_rewrite.c(468): [client 10.20.20.3:55349] 10.20.20.3 - - [trails01.clinipace.net/sid#12b0370][rid#13d0c60/initial] pass through /testfolder/, referer: https://trails01.clinipace.net:8443/testfolder
[Fri Dec 07 16:55:18.354105 2012] [authz_core:debug] [pid 14004:tid 139641886463744] mod_authz_core.c(802): [client 10.20.20.3:55349] AH01626: authorization result of Require valid-user : denied (no authenticated user yet), referer: https://trails01.clinipace.net:8443/testfolder
[Fri Dec 07 16:55:18.354113 2012] [authz_core:debug] [pid 14004:tid 139641886463744] mod_authz_core.c(802): [client 10.20.20.3:55349] AH01626: authorization result of <RequireAny>: denied (no authenticated user yet), referer: https://trails01.clinipace.net:8443/testfolder
[Fri Dec 07 16:55:18.354121 2012] [auth_form:trace6] [pid 14004:tid 139641886463744] mod_auth_form.c(531): [client 10.20.20.3:55349] from notes: user: (null), pw: (null), method: (null), mimetype: (null), referer: https://trails01.clinipace.net:8443/testfolder
[Fri Dec 07 16:55:18.354141 2012] [auth_form:trace2] [pid 14004:tid 139641886463744] mod_auth_form.c(592): [client 10.20.20.3:55349] from session: user: lpenninger, pw: Clinipa,e, site: (null), referer: https://trails01.clinipace.net:8443/testfolder
[Fri Dec 07 16:55:18.354154 2012] [authnz_ldap:debug] [pid 14004:tid 139641886463744] mod_authnz_ldap.c(501): [client 10.20.20.3:55349] AH01691: auth_ldap authenticate: using URL XXX
[Fri Dec 07 16:55:18.354161 2012] [authnz_ldap:trace1] [pid 14004:tid 139641886463744] mod_authnz_ldap.c(522): [client 10.20.20.3:55349] auth_ldap authenticate: final authn filter is XXX
[Fri Dec 07 16:55:18.354175 2012] [authnz_ldap:debug] [pid 14004:tid 139641886463744] mod_authnz_ldap.c(593): [client 10.20.20.3:55349] AH01697: auth_ldap authenticate: accepting lpenninger, referer: https://trails01.clinipace.net:8443/testfolder
[Fri Dec 07 16:55:18.354181 2012] [authz_core:debug] [pid 14004:tid 139641886463744] mod_authz_core.c(802): [client 10.20.20.3:55349] AH01626: authorization result of Require valid-user : granted, referer: https://trails01.clinipace.net:8443/testfolder
[Fri Dec 07 16:55:18.354185 2012] [authz_core:debug] [pid 14004:tid 139641886463744] mod_authz_core.c(802): [client 10.20.20.3:55349] AH01626: authorization result of <RequireAny>: granted, referer: https://trails01.clinipace.net:8443/testfolder
[Fri Dec 07 16:55:18.364239 2012] [core:debug] [pid 14004:tid 139641886463744] util_cookies.c(59): [client 10.20.20.3:55349] AH00007: ap_cookie: user 'lpenninger' set cookie: 'session=Test+Login-user=lpenninger&Test+Login-pw=XXX;path=/', referer: https://trails01.clinipace.net:8443/testfolder
[Fri Dec 07 16:55:18.364263 2012] [http:trace3] [pid 14004:tid 139641886463744] http_filters.c(963): [client 10.20.20.3:55349] Response sent with status 200, headers:, referer: https://trails01.clinipace.net:8443/testfolder
[Fri Dec 07 16:55:18.364268 2012] [http:trace5] [pid 14004:tid 139641886463744] http_filters.c(970): [client 10.20.20.3:55349]   Date: Fri, 07 Dec 2012 21:55:18 GMT, referer: https://trails01.clinipace.net:8443/testfolder
[Fri Dec 07 16:55:18.364272 2012] [http:trace5] [pid 14004:tid 139641886463744] http_filters.c(973): [client 10.20.20.3:55349]   Server: Apache/2.5.0-dev (Unix) OpenSSL/0.9.8k, referer: https://trails01.clinipace.net:8443/testfolder
[Fri Dec 07 16:55:18.364282 2012] [http:trace4] [pid 14004:tid 139641886463744] http_filters.c(806): [client 10.20.20.3:55349]   Set-Cookie: session=Test+Login-user=lpenninger&Test+Login-pw=XXX;path=/, referer: https://trails01.clinipace.net:8443/testfolder
[Fri Dec 07 16:55:18.364286 2012] [http:trace4] [pid 14004:tid 139641886463744] http_filters.c(806): [client 10.20.20.3:55349]   Cache-Control: no-cache, referer: https://trails01.clinipace.net:8443/testfolder
[Fri Dec 07 16:55:18.364290 2012] [http:trace4] [pid 14004:tid 139641886463744] http_filters.c(806): [client 10.20.20.3:55349]   Set-Cookie: session=Test+Login-user=lpenninger&Test+Login-pw=XXX;path=/, referer: https://trails01.clinipace.net:8443/testfolder
[Fri Dec 07 16:55:18.364293 2012] [http:trace4] [pid 14004:tid 139641886463744] http_filters.c(806): [client 10.20.20.3:55349]   Content-Length: 268, referer: https://trails01.clinipace.net:8443/testfolder
[Fri Dec 07 16:55:18.364297 2012] [http:trace4] [pid 14004:tid 139641886463744] http_filters.c(806): [client 10.20.20.3:55349]   Keep-Alive: timeout=5, max=99, referer: https://trails01.clinipace.net:8443/testfolder
[Fri Dec 07 16:55:18.364300 2012] [http:trace4] [pid 14004:tid 139641886463744] http_filters.c(806): [client 10.20.20.3:55349]   Connection: Keep-Alive, referer: https://trails01.clinipace.net:8443/testfolder
[Fri Dec 07 16:55:18.364303 2012] [http:trace4] [pid 14004:tid 139641886463744] http_filters.c(806): [client 10.20.20.3:55349]   Content-Type: text/html;charset=ISO-8859-1, referer: https://trails01.clinipace.net:8443/testfolder




FAIL, case 2:
[Fri Dec 07 16:53:06.942936 2012] [core:trace5] [pid 14004:tid 139641894856448] protocol.c(626): [client 10.20.20.3:55314] Request received from client: GET /testfolder/ HTTP/1.1
[Fri Dec 07 16:53:06.943076 2012] [http:trace4] [pid 14004:tid 139641894856448] http_request.c(301): [client 10.20.20.3:55314] Headers received from client:
[Fri Dec 07 16:53:06.943087 2012] [http:trace4] [pid 14004:tid 139641894856448] http_request.c(305): [client 10.20.20.3:55314]   Host: trails01.clinipace.net:8443
[Fri Dec 07 16:53:06.943092 2012] [http:trace4] [pid 14004:tid 139641894856448] http_request.c(305): [client 10.20.20.3:55314]   User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:16.0) Gecko/20100101 Firefox/16.0
[Fri Dec 07 16:53:06.943108 2012] [http:trace4] [pid 14004:tid 139641894856448] http_request.c(305): [client 10.20.20.3:55314]   Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
[Fri Dec 07 16:53:06.943112 2012] [http:trace4] [pid 14004:tid 139641894856448] http_request.c(305): [client 10.20.20.3:55314]   Accept-Language: en-US,en;q=0.5
[Fri Dec 07 16:53:06.943115 2012] [http:trace4] [pid 14004:tid 139641894856448] http_request.c(305): [client 10.20.20.3:55314]   Accept-Encoding: gzip, deflate
[Fri Dec 07 16:53:06.943119 2012] [http:trace4] [pid 14004:tid 139641894856448] http_request.c(305): [client 10.20.20.3:55314]   Connection: keep-alive
[Fri Dec 07 16:53:06.943179 2012] [rewrite:trace2] [pid 14004:tid 139641894856448] mod_rewrite.c(468): [client 10.20.20.3:55314] 10.20.20.3 - - [trails01.clinipace.net/sid#12b0370][rid#13ce980/initial] init rewrite engine with requested uri /testfolder/
[Fri Dec 07 16:53:06.943195 2012] [rewrite:trace3] [pid 14004:tid 139641894856448] mod_rewrite.c(468): [client 10.20.20.3:55314] 10.20.20.3 - - [trails01.clinipace.net/sid#12b0370][rid#13ce980/initial] applying pattern '/public/.*' to uri '/testfolder/'
[Fri Dec 07 16:53:06.943205 2012] [rewrite:trace1] [pid 14004:tid 139641894856448] mod_rewrite.c(468): [client 10.20.20.3:55314] 10.20.20.3 - - [trails01.clinipace.net/sid#12b0370][rid#13ce980/initial] pass through /testfolder/
[Fri Dec 07 16:53:06.943983 2012] [authz_core:debug] [pid 14004:tid 139641894856448] mod_authz_core.c(802): [client 10.20.20.3:55314] AH01626: authorization result of Require valid-user : denied (no authenticated user yet)
[Fri Dec 07 16:53:06.943999 2012] [authz_core:debug] [pid 14004:tid 139641894856448] mod_authz_core.c(802): [client 10.20.20.3:55314] AH01626: authorization result of <RequireAny>: denied (no authenticated user yet)
[Fri Dec 07 16:53:06.944013 2012] [auth_form:trace6] [pid 14004:tid 139641894856448] mod_auth_form.c(531): [client 10.20.20.3:55314] from notes: user: (null), pw: (null), method: (null), mimetype: (null)
[Fri Dec 07 16:53:06.944036 2012] [auth_form:trace2] [pid 14004:tid 139641894856448] mod_auth_form.c(592): [client 10.20.20.3:55314] from session: user: (null), pw: (null), site: (null)
[Fri Dec 07 16:53:06.944043 2012] [core:trace3] [pid 14004:tid 139641894856448] request.c(116): [client 10.20.20.3:55314] auth phase 'check user' gave status 401: /testfolder/
[Fri Dec 07 16:53:06.944068 2012] [rewrite:trace2] [pid 14004:tid 139641894856448] mod_rewrite.c(468): [client 10.20.20.3:55314] 10.20.20.3 - - [trails01.clinipace.net/sid#12b0370][rid#13e8b18/initial/redir#1] init rewrite engine with requested uri /public/webapi/login/login.shtml
[Fri Dec 07 16:53:06.944078 2012] [rewrite:trace3] [pid 14004:tid 139641894856448] mod_rewrite.c(468): [client 10.20.20.3:55314] 10.20.20.3 - - [trails01.clinipace.net/sid#12b0370][rid#13e8b18/initial/redir#1] applying pattern '/public/.*' to uri '/public/webapi/login/login.shtml'
[Fri Dec 07 16:53:06.944125 2012] [rewrite:trace1] [pid 14004:tid 139641894856448] mod_rewrite.c(468): [client 10.20.20.3:55314] 10.20.20.3 - - [trails01.clinipace.net/sid#12b0370][rid#13e8b18/initial/redir#1] pass through /public/webapi/login/login.shtml
[Fri Dec 07 16:53:06.945837 2012] [core:trace3] [pid 14004:tid 139641894856448] request.c(267): [client 10.20.20.3:55314] request authorized without authentication by access_checker hook and 'Satisfy any': /public/webapi/login/login.shtml
[Fri Dec 07 16:53:06.946596 2012] [http:trace3] [pid 14004:tid 139641894856448] http_filters.c(963): [client 10.20.20.3:55314] Response sent with status 401, headers:
[Fri Dec 07 16:53:06.946607 2012] [http:trace5] [pid 14004:tid 139641894856448] http_filters.c(970): [client 10.20.20.3:55314]   Date: Fri, 07 Dec 2012 21:53:06 GMT
[Fri Dec 07 16:53:06.946611 2012] [http:trace5] [pid 14004:tid 139641894856448] http_filters.c(973): [client 10.20.20.3:55314]   Server: Apache/2.5.0-dev (Unix) OpenSSL/0.9.8k
[Fri Dec 07 16:53:06.946617 2012] [http:trace4] [pid 14004:tid 139641894856448] http_filters.c(806): [client 10.20.20.3:55314]   Cache-Control: no-store
[Fri Dec 07 16:53:06.946627 2012] [http:trace4] [pid 14004:tid 139641894856448] http_filters.c(806): [client 10.20.20.3:55314]   Last-Modified: Fri, 07 Dec 2012 20:22:12 GMT
[Fri Dec 07 16:53:06.946631 2012] [http:trace4] [pid 14004:tid 139641894856448] http_filters.c(806): [client 10.20.20.3:55314]   ETag: \\"651-4d048f87f6e88\\"
[Fri Dec 07 16:53:06.946634 2012] [http:trace4] [pid 14004:tid 139641894856448] http_filters.c(806): [client 10.20.20.3:55314]   Accept-Ranges: bytes
[Fri Dec 07 16:53:06.946637 2012] [http:trace4] [pid 14004:tid 139641894856448] http_filters.c(806): [client 10.20.20.3:55314]   Content-Length: 1617
[Fri Dec 07 16:53:06.946640 2012] [http:trace4] [pid 14004:tid 139641894856448] http_filters.c(806): [client 10.20.20.3:55314]   Keep-Alive: timeout=5, max=100
[Fri Dec 07 16:53:06.946643 2012] [http:trace4] [pid 14004:tid 139641894856448] http_filters.c(806): [client 10.20.20.3:55314]   Connection: Keep-Alive
[Fri Dec 07 16:53:14.104937 2012] [core:trace5] [pid 14003:tid 139641911641856] protocol.c(626): [client 10.20.20.3:55316] Request received from client: POST /testfolder/ HTTP/1.1
[Fri Dec 07 16:53:14.104994 2012] [http:trace4] [pid 14003:tid 139641911641856] http_request.c(301): [client 10.20.20.3:55316] Headers received from client:, referer: https://trails01.clinipace.net:8443/testfolder/
[Fri Dec 07 16:53:14.105000 2012] [http:trace4] [pid 14003:tid 139641911641856] http_request.c(305): [client 10.20.20.3:55316]   Host: trails01.clinipace.net:8443, referer: https://trails01.clinipace.net:8443/testfolder/
[Fri Dec 07 16:53:14.105004 2012] [http:trace4] [pid 14003:tid 139641911641856] http_request.c(305): [client 10.20.20.3:55316]   User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:16.0) Gecko/20100101 Firefox/16.0, referer: https://trails01.clinipace.net:8443/testfolder/
[Fri Dec 07 16:53:14.105008 2012] [http:trace4] [pid 14003:tid 139641911641856] http_request.c(305): [client 10.20.20.3:55316]   Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8, referer: https://trails01.clinipace.net:8443/testfolder/
[Fri Dec 07 16:53:14.105012 2012] [http:trace4] [pid 14003:tid 139641911641856] http_request.c(305): [client 10.20.20.3:55316]   Accept-Language: en-US,en;q=0.5, referer: https://trails01.clinipace.net:8443/testfolder/
[Fri Dec 07 16:53:14.105015 2012] [http:trace4] [pid 14003:tid 139641911641856] http_request.c(305): [client 10.20.20.3:55316]   Accept-Encoding: gzip, deflate, referer: https://trails01.clinipace.net:8443/testfolder/
[Fri Dec 07 16:53:14.105019 2012] [http:trace4] [pid 14003:tid 139641911641856] http_request.c(305): [client 10.20.20.3:55316]   Connection: keep-alive, referer: https://trails01.clinipace.net:8443/testfolder/
[Fri Dec 07 16:53:14.105022 2012] [http:trace4] [pid 14003:tid 139641911641856] http_request.c(305): [client 10.20.20.3:55316]   Referer: https://trails01.clinipace.net:8443/testfolder/, referer: https://trails01.clinipace.net:8443/testfolder/
[Fri Dec 07 16:53:14.105026 2012] [http:trace4] [pid 14003:tid 139641911641856] http_request.c(305): [client 10.20.20.3:55316]   Content-Type: application/x-www-form-urlencoded, referer: https://trails01.clinipace.net:8443/testfolder/
[Fri Dec 07 16:53:14.105029 2012] [http:trace4] [pid 14003:tid 139641911641856] http_request.c(305): [client 10.20.20.3:55316]   Content-Length: 59, referer: https://trails01.clinipace.net:8443/testfolder/
[Fri Dec 07 16:53:14.105048 2012] [rewrite:trace2] [pid 14003:tid 139641911641856] mod_rewrite.c(468): [client 10.20.20.3:55316] 10.20.20.3 - - [trails01.clinipace.net/sid#12b0370][rid#13e30f0/initial] init rewrite engine with requested uri /testfolder/, referer: https://trails01.clinipace.net:8443/testfolder/
[Fri Dec 07 16:53:14.105055 2012] [rewrite:trace3] [pid 14003:tid 139641911641856] mod_rewrite.c(468): [client 10.20.20.3:55316] 10.20.20.3 - - [trails01.clinipace.net/sid#12b0370][rid#13e30f0/initial] applying pattern '/public/.*' to uri '/testfolder/', referer: https://trails01.clinipace.net:8443/testfolder/
[Fri Dec 07 16:53:14.105061 2012] [rewrite:trace1] [pid 14003:tid 139641911641856] mod_rewrite.c(468): [client 10.20.20.3:55316] 10.20.20.3 - - [trails01.clinipace.net/sid#12b0370][rid#13e30f0/initial] pass through /testfolder/, referer: https://trails01.clinipace.net:8443/testfolder/
[Fri Dec 07 16:53:14.105118 2012] [authz_core:debug] [pid 14003:tid 139641911641856] mod_authz_core.c(802): [client 10.20.20.3:55316] AH01626: authorization result of Require valid-user : denied (no authenticated user yet), referer: https://trails01.clinipace.net:8443/testfolder/
[Fri Dec 07 16:53:14.105129 2012] [authz_core:debug] [pid 14003:tid 139641911641856] mod_authz_core.c(802): [client 10.20.20.3:55316] AH01626: authorization result of <RequireAny>: denied (no authenticated user yet), referer: https://trails01.clinipace.net:8443/testfolder/
[Fri Dec 07 16:53:14.105138 2012] [auth_form:trace6] [pid 14003:tid 139641911641856] mod_auth_form.c(531): [client 10.20.20.3:55316] from notes: user: (null), pw: (null), method: (null), mimetype: (null), referer: https://trails01.clinipace.net:8443/testfolder/
[Fri Dec 07 16:53:14.105147 2012] [auth_form:trace2] [pid 14003:tid 139641911641856] mod_auth_form.c(592): [client 10.20.20.3:55316] from session: user: (null), pw: (null), site: (null), referer: https://trails01.clinipace.net:8443/testfolder/
[Fri Dec 07 16:53:14.105177 2012] [rewrite:trace2] [pid 14003:tid 139641911641856] mod_rewrite.c(468): [client 10.20.20.3:55316] 10.20.20.3 - - [trails01.clinipace.net/sid#12b0370][rid#13e5100/subreq] init rewrite engine with requested uri /testfolder/, referer: https://trails01.clinipace.net:8443/testfolder/
[Fri Dec 07 16:53:14.105184 2012] [rewrite:trace3] [pid 14003:tid 139641911641856] mod_rewrite.c(468): [client 10.20.20.3:55316] 10.20.20.3 - - [trails01.clinipace.net/sid#12b0370][rid#13e5100/subreq] applying pattern '/public/.*' to uri '/testfolder/', referer: https://trails01.clinipace.net:8443/testfolder/
[Fri Dec 07 16:53:14.105191 2012] [rewrite:trace1] [pid 14003:tid 139641911641856] mod_rewrite.c(468): [client 10.20.20.3:55316] 10.20.20.3 - - [trails01.clinipace.net/sid#12b0370][rid#13e5100/subreq] pass through /testfolder/, referer: https://trails01.clinipace.net:8443/testfolder/
[Fri Dec 07 16:53:14.105324 2012] [auth_form:trace6] [pid 14003:tid 139641911641856] mod_auth_form.c(531): [client 10.20.20.3:55316] from notes: user: (null), pw: (null), method: (null), mimetype: (null), referer: https://trails01.clinipace.net:8443/testfolder/
[Fri Dec 07 16:53:14.105396 2012] [authnz_ldap:debug] [pid 14003:tid 139641911641856] mod_authnz_ldap.c(501): [client 10.20.20.3:55316] AH01691: auth_ldap authenticate: using URL XXX/
[Fri Dec 07 16:53:14.105421 2012] [authnz_ldap:trace1] [pid 14003:tid 139641911641856] mod_authnz_ldap.c(522): [client 10.20.20.3:55316] auth_ldap authenticate: final authn filter is XXX/
[Fri Dec 07 16:53:14.105465 2012] [authnz_ldap:debug] [pid 14003:tid 139641911641856] mod_authnz_ldap.c(593): [client 10.20.20.3:55316] AH01697: auth_ldap authenticate: accepting lpenninger, referer: https://trails01.clinipace.net:8443/testfolder/
[Fri Dec 07 16:53:14.105479 2012] [authz_core:debug] [pid 14003:tid 139641911641856] mod_authz_core.c(802): [client 10.20.20.3:55316] AH01626: authorization result of Require valid-user : granted, referer: https://trails01.clinipace.net:8443/testfolder/
[Fri Dec 07 16:53:14.105483 2012] [authz_core:debug] [pid 14003:tid 139641911641856] mod_authz_core.c(802): [client 10.20.20.3:55316] AH01626: authorization result of <RequireAny>: granted, referer: https://trails01.clinipace.net:8443/testfolder/
[Fri Dec 07 16:53:14.105547 2012] [core:info] [pid 14003:tid 139641911641856] [client 10.20.20.3:55316] AH00129: Attempt to serve directory: /usr/local/www/testfolder/, referer: https://trails01.clinipace.net:8443/testfolder/
[Fri Dec 07 16:53:14.105574 2012] [core:debug] [pid 14003:tid 139641911641856] util_cookies.c(59): [client 10.20.20.3:55316] AH00007: ap_cookie: user 'lpenninger' set cookie: 'session=Test+Login-user=lpenninger&Test+Login-pw=XXX;path=/', referer: https://trails01.clinipace.net:8443/testfolder/
[Fri Dec 07 16:53:14.105590 2012] [http:trace3] [pid 14003:tid 139641911641856] http_filters.c(963): [client 10.20.20.3:55316] Response sent with status 404, headers:, referer: https://trails01.clinipace.net:8443/testfolder/
[Fri Dec 07 16:53:14.105594 2012] [http:trace5] [pid 14003:tid 139641911641856] http_filters.c(970): [client 10.20.20.3:55316]   Date: Fri, 07 Dec 2012 21:53:14 GMT, referer: https://trails01.clinipace.net:8443/testfolder/
[Fri Dec 07 16:53:14.105598 2012] [http:trace5] [pid 14003:tid 139641911641856] http_filters.c(973): [client 10.20.20.3:55316]   Server: Apache/2.5.0-dev (Unix) OpenSSL/0.9.8k, referer: https://trails01.clinipace.net:8443/testfolder/
[Fri Dec 07 16:53:14.105602 2012] [http:trace4] [pid 14003:tid 139641911641856] http_filters.c(806): [client 10.20.20.3:55316]   Set-Cookie: session=Test+Login-user=lpenninger&Test+Login-pw=XXX;path=/, referer: https://trails01.clinipace.net:8443/testfolder/
[Fri Dec 07 16:53:14.105612 2012] [http:trace4] [pid 14003:tid 139641911641856] http_filters.c(806): [client 10.20.20.3:55316]   Cache-Control: no-cache, referer: https://trails01.clinipace.net:8443/testfolder/
[Fri Dec 07 16:53:14.105616 2012] [http:trace4] [pid 14003:tid 139641911641856] http_filters.c(806): [client 10.20.20.3:55316]   Set-Cookie: session=Test+Login-user=lpenninger&Test+Login-pw=XXX;path=/, referer: https://trails01.clinipace.net:8443/testfolder/
[Fri Dec 07 16:53:14.105620 2012] [http:trace4] [pid 14003:tid 139641911641856] http_filters.c(806): [client 10.20.20.3:55316]   Content-Length: 209, referer: https://trails01.clinipace.net:8443/testfolder/
[Fri Dec 07 16:53:14.105623 2012] [http:trace4] [pid 14003:tid 139641911641856] http_filters.c(806): [client 10.20.20.3:55316]   Keep-Alive: timeout=5, max=100, referer: https://trails01.clinipace.net:8443/testfolder/
[Fri Dec 07 16:53:14.105626 2012] [http:trace4] [pid 14003:tid 139641911641856] http_filters.c(806): [client 10.20.20.3:55316]   Connection: Keep-Alive, referer: https://trails01.clinipace.net:8443/testfolder/
[Fri Dec 07 16:53:14.105630 2012] [http:trace4] [pid 14003:tid 139641911641856] http_filters.c(806): [client 10.20.20.3:55316]   Content-Type: text/html; charset=iso-8859-1, referer: https://trails01.clinipace.net:8443/testfolder/

Comment 1 David Mansfield 2013-05-17 14:48:57 UTC

Created attachment 30291 [details]
httpd conf file for test case, put in /etc/httpd/conf.d or equiv.

Comment 2 David Mansfield 2013-05-17 14:50:21 UTC

Created attachment 30292 [details]
start page for test case. put in /var/www/form_auth_test

Comment 3 David Mansfield 2013-05-17 14:51:25 UTC

Created attachment 30293 [details]
login form generator - can't see POST data. put in /var/www/form_auth_test_cgi

Comment 4 David Mansfield 2013-05-17 14:52:01 UTC

Created attachment 30294 [details]
alternative login handler using mod_include. put in /var/www/form_auth_test

Comment 5 David Mansfield 2013-05-17 14:53:23 UTC

argh. attached all this to the wrong bug. sorry

Comment 6 Ryan 2017-09-05 16:08:08 UTC

It appears the the trailing slash causes the server to do a POST instead of a GET to the protected resource after successful login.

Also seen here:

http://apache-http-server.18135.x6.nabble.com/Inline-Login-with-mod-auth-form-405-error-td5001643.html

Comment 7 Ryan 2017-09-05 19:27:18 UTC

Note that using the AuthFormMethod directive (or the default of http_method) and setting the request method to "GET" does NOT work.  If you've got a slash on the end of the URL then you're getting a POST no matter what.  So the following form field does not override the request method as I had hoped:

    <input type="hidden" name="httpd_method" value="GET"/>

Comment 8 Ryan 2017-09-08 21:58:26 UTC

One workaround is to trap 405 errors and setup the error handler to point to a script that simply redirects the user agent to try again, but as a GET request.

ErrorDocument 405 /my-script.php

If you are using Apache as a reverse proxy and the backend server is generating the 405 errors use ProxyErrorOverride:

ProxyErrorOverride on
ErrorDocument 405 /my-script.php

my-script.php looks like:

<?php
header('Location: ' . getenv('REDIRECT_URL') . '?' . setenv('REDIRECT_QUERY_STRING'));
exit();
?>

Comment 9 Ryan 2017-09-08 22:01:28 UTC

Also note that this bug seems to occur without trailing slash too if there are query parameters.