Hi, I can't download pdf,doc,xls ... file with IE through an HTTPS+BasicAuth connexion. IE----SSL+Basic Auth------>Apache+mod_jk------------ajp13-------->tomcat4.0.2
I got an error as described in http://support.microsoft.com/default.aspx?scid=kb;EN-US;q196505. This is due to HTTP cache control headers returned by tomcat. When a page is downloaded with an authentication, the HTTP server set cache control headers (Pragma, Cache-Control, Expires) to avoid proxies to cache the page.In such case, this gives something like that : HTTP/1.1 200 OK Content-Type: application/pdf Content-Length: 111219 Date: Tue, 26 Feb 2002 16:20:32 GMT Pragma: No-cache Server: Apache Tomcat/4.0.2 (HTTP/1.1 Connector) Cache-Control: no-cache Last-Modified: Tue, 26 Feb 2002 16:13:27 GMT ETag: "111219-1014740007000" Expires: Thu, 01 Jan 1970 00:00:00 GMT When the page is downloaded through an HTTPS connexions, those cache control headers are not more needed because the document is encrypted ! Through the mod_jk connector (even with JkExtractSSL directive), tomcat always set cache control headers when Authentication is done. I have done some tests with Apache. Cache control headers are not set when using SSL and Authentication and I have no problem with IE to download .pdf, .doc etc ... So, there might be something to correct in the Ajp13 connector... Bye, Vincent Royer Directeur Technique ALTHES "L'expertise s�curit�" 53 rue Albert Samain 59650 Villeneuve d'Ascq tel: 33 (0) 3.20.33.84.40 fax: 33 (0) 3.20.33.84.31 http://www.althes.fr *---------------------------------------------------------------* * Cet e-mail et toutes les pi�ces jointes sont destin�s aux * * seules personnes auxquelles ils sont sp�cifiquement adress�s * * et n'engagent que le signataire de ces documents et non la * * structure dont il d�pend. * * Leur existence et leur contenu ont un caract�re confidentiel. * * Toute utilisation ou diffusion non autoris�e est interdite. * * Si vous avez re�u cet e-mail ou si vous d�tenez sans en �tre * * le destinataire, nous vous demandons de bien vouloir nous en * * informer imm�diatement. * * Cette note assure que ce message a �t� contr�l� et ne * * comprenait aucun virus connu � ce jour, n�anmoins tout * * message �lectronique est susceptible d'alt�ration. * * Nous d�clinons toute responsabilit� au titre de ce message * * s'il a �t� alt�r�, d�form� ou falsifi�. * *---------------------------------------------------------------* -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
