Apache Authentication: Wrong ErrorDocument after user provided wrong credentials and canceled afterwards

Question

We've configured Apache HTTPd to use

Now, the user gets different results, when canceling the authentication in the first step or after submitting wrong credentials.

Example

The user calls the following URL: "example.com/pageXYZ

Expected behavior

Wrong(?) behavior

Does anyone know this behaviour or can tell, why it is like it is and if it is possible to get the expected behavior in both scenarios.

Is there any relevantinformation in your access / error logs? — user9517, Jan 27 '14 at 06:56
@lain No nothing. Logs are good so far. But good hint, I will try to setup a finer logging... — Adrian, Jan 27 '14 at 06:57
From the logs I can say, that the referrer isn't send to the ErrorDocument "handler" on the second authorization request. — Adrian, Jan 27 '14 at 07:12

score 0 · Accepted Answer · answered Jan 27 '14 at 13:08

0

Okay, just found out, that the problem is within the underlying application and not the Apache HTTPd.

On the first request to deliver the ErrorDocument it does some processing, which isn't done on subsequent requests.

answered Jan 27 '14 at 13:08

Adrian

1 Answers1