Edgewall Software
Modify

Opened 17 years ago

Closed 17 years ago

Last modified 8 years ago

#2371 closed defect (worksforme)

errordocument conflicts with trac

Reported by: Gijs van Dulmen Owned by: Christopher Lenz
Priority: normal Milestone:
Component: web frontend/mod_python Version: 0.9
Severity: normal Keywords:
Cc: Branch:
Release Notes:
API Changes:
Internal Changes:

Description (last modified by Matthew Good)

I'm running Trac 0.9 with Mod Python and noticed something odd. I don't know however if this is Trac related, but it sure doesn't work in a way I thought it would be.

Running Debian.

apache2 -v output:

Server version: Apache/2.0.54
Server built:   Sep  5 2005 11:11:08

Trac-admin output: trac-admin - The Trac Administration Console 0.9

Mod python version is 3.1.3

Apache2 config part which creates the odd situation:

<IfModule mod_negotiation.c>
<IfModule mod_include.c>
    Alias /error/ "/usr/share/apache2/error/"

    <Directory "/usr/share/apache2/error">
        AllowOverride None
        Options IncludesNoExec
        AddOutputFilter Includes html
        AddHandler type-map var
        Order allow,deny
        Allow from all
        LanguagePriority en es de fr
        ForceLanguagePriority Prefer Fallback
    </Directory>

    ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var
    ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var
    ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var
    ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var
    ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var
    ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var
    ErrorDocument 410 /error/HTTP_GONE.html.var
    ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var
    ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var
    ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var
    ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var
    ErrorDocument 415 /error/HTTP_SERVICE_UNAVAILABLE.html.var
    ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var
    ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var
    ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var
    ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var
    ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var

</IfModule>
</IfModule>

I use this apache virtual host config for trac:

<VirtualHost *:443>
	ServerName sub.domain.com
	DocumentRoot /var/www/sub.domain.com/

	SSLEngine On
	SSLCertificateFile /etc/apache2/ssl/apache.pem
	SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown 
	SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

	SSLOptions +StdEnvVars

	Alias /trac /usr/share/trac/htdocs/ 
    <Location />
        SetHandler mod_python
	PythonHandler trac.web.modpython_frontend 
	PythonOption TracEnv /var/www/sub.domain.com
        PythonOption TracUriRoot /
	suPHP_Engine Off
	SecFilterEngine Off
</Location>
    <Location /login>
 		AuthType Basic
		AuthName "Trac - Project Management and Version Control"
		AuthUserFile /etc/apache2/.htpasswd-svn
		Require valid-user
		SecFilterEngine Off
    </Location>
<Location /trac>
	      SetHandler None
	        </Location>

	ErrorLog /var/log/apache2/error.log
	CustomLog /var/log/apache2/access.log combined
	LogLevel warn

</VirtualHost>

When I have it like this Trac issues this error when I want to login:

No handler matched request to /error/HTTP_UNAUTHORIZED.html.var 

When I comment out this line in the apache config part:

ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var

It works OK.

A workaround which I got is adding this line in my virtualhost:

ErrorDocument 401 default

Then things will work Ok.

Hope someone can research this.

Attachments (0)

Change History (11)

comment:1 by Matthew Good, 17 years ago

Description: modified (diff)

(fixing description)

The workaround suggested above seems reasonable since a 401 response will prompt the browser to display a login dialog so the page would never be seen by a user.

I guess another option is for Trac to provide a request handler for /error/HTTP_UNAUTHORIZED.html.var that would simply return a 401 response. I think we'll need to check with some Apache devs on this to see if there's a cleaner solution.

comment:2 by morbus@…, 17 years ago

For what it's worth, contacting Apache devs probably won't help - the ErrorDocument configuration that he pasted above is a custom tweak that's part of Debian. The core Apache doesn't ship anything like that (in fact, it doesn't ship ANY default customizations of ErrorDocument at all, instead defaulting to the hardcoded, and internal, error messages).

I would, however, look into mod_python a bit more. I had been debugging with this user earlier this morning in Freenode's #apache, and the minute he disabled the mod_python handlers, the /login URL worked successfully (by popping up an auth box). Failing to authenticate properly showed the 401 error message. Once mod_python was configured (per the Trac install docs), the auth box would not appear for any reason. That doesn't make much sense to me.

comment:3 by morbus@…, 17 years ago

Sorry, "properly displayed the 403 error message" rather. (Ignore that whole sentence, actually. The point to take home is: disabling mod_python made Apache's HTTP auth work as intended).

comment:4 by morbus@…, 17 years ago

In hindsight, I think the smarter solution is to disable the ErrorDocument 401 entirely. That is *far less hackish* than changing it to "default", which a user normally *is* authorized to see (it is akin to "lying", as it were).

comment:5 by Gijs van Dulmen, 17 years ago

To make things clear. I'm not the user that was in #apache this morning. Just another user experiencing this problem.

comment:6 by Gijs van Dulmen, 17 years ago

And is there even a way to disable the errordocument entirely ?

From Apache docs: "Additionally, the special value default can be used to specify Apache's simple hardcoded message. While not required under normal circumstances, default will restore Apache's simple hardcoded message for configurations that would otherwise inherit an existing ErrorDocument."

Isn't default like disabling it ? :)

comment:7 by morbus@…, 17 years ago

Ah. My bad. This user had the *exact* same problem you did. Anyways, my apologies: I had assumed that "default" was some sort of Trac page, and not a setting in Apache. "default" is fine.

comment:8 by kain, 17 years ago

any solution to this?

comment:9 by Matthew Good, 17 years ago

Resolution: worksforme
Status: newclosed

Yes, add the line mentioned in the description:

ErrorDocument 401 default

comment:10 by anonymous, 15 years ago

geez this bug sucks. everything went fine on my server until I had this pb, and I spent 3 hours on it. Hope this information gets scattered around.

comment:11 by sanmarcos, 13 years ago

Adding this for people who might google this

Trac doesn't work with Virtual Hosts - Authentication information not available /login

http://groups.google.com/group/trac-users/browse_thread/thread/ac54f21e5a7de115?hl=en#

Modify Ticket

Change Properties
Set your email in Preferences
Action
as closed The owner will remain Christopher Lenz.
The resolution will be deleted. Next status will be 'reopened'.
to The owner will be changed from Christopher Lenz to the specified user.

Add Comment


E-mail address and name can be saved in the Preferences .
 
Note: See TracTickets for help on using tickets.