HTTP Error 400 on an Apache website using IE6/Chrome with Digest Authentication
Issue
When attempting to open web pages after authenticating on a website running on Apache 2.X and using digest authentication the HTTP error 400 may be returned.
This can be seen in the server error log:
X.X.X.X - username [DD/Mmm/YYYY:HH:MM:SS +0000] "GET /index.php?variable=value HTTP/1.1" 400 226 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648)"
[DDD MMM DD HH:MM:SS YYYYY] [error] [client X.X.X.X] Digest: uri mismatch - </index.php> does not match request-uri </index.php?variable=value>
Resolution
The Digest authentication implementation in previous Internet Explorer for Windows versions (5 and 6) had the issue that GET requests with a query string were not RFC compliant.
Since version 2.0.51 Apache also provides a workaround in the AuthDigestEnableQueryStringHack environment variable. If AuthDigestEnableQueryStringHack is set for the request, Apache will take steps to work around the MSIE bug and remove the query string from the digest comparison. This workaround is not necessary for MSIE 7, though enabling it does not cause any compatibility issues or significant overhead.
Add the following lines to httpd.conf:
BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On
BrowserMatch "Chrome" AuthDigestEnableQueryStringHack=On
Alternatively use POST requests instead of GET requests to pass data to the website.
References
Products
Microsoft Internet Explorer 6 SP1
Google Chrome 1.0
Apache HTTP Server 2
Created: 12th January 2009
Updated: 12th January 2009
© 2005-2024 Jamie Morrison