Hi ,
We have implemented a filter on Apache web server to force the basic authentication for all the resources in the doc root folder. As per the RFC, we need to return 401 response to any request for a file in doc root folder. Currently we are returning WWW-Authenticate as a mandatory field and some other optional fields. We are not sure about the content-length field. We are not returning any contents with 401 response. 1) Can we skip the content-length field? 2) Is it mandatory to return content-length field with 401 responses? Here is the current header trace with our filter. GET /basic/testpage.html HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/x-shockwave-flash, */* Accept-Language: en-us Accept-Encoding: gzip, deflate If-Modified-Since: Thu, 13 Dec 2007 08:21:36 GMT If-None-Match: "15052-61-a26c4bb7" User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.0.3705; .NET CLR 2.0.50727; InfoPath.1) Host: ps4480 Connection: Keep-Alive HTTP/1.1 401 Authorization Required Date: Thu, 13 Dec 2007 11:27:22 GMT Server: Apache/2.2.6 (Win32) WWW-Authenticate: Basic realm="By Invitation Only apache_2.2.6-win32." Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=iso-8859-1 Thanks, Pradeep. DISCLAIMER ========== This e-mail may contain privileged and confidential information which is the property of Persistent Systems Ltd. It is intended only for the use of the individual or entity to which it is addressed. If you are not the intended recipient, you are not authorized to read, retain, copy, print, distribute or use this message. If you have received this communication in error, please notify the sender and delete all copies of this message. Persistent Systems Ltd. does not accept any liability for virus infected mails.
