Windows + Apache + SSPI + SSL + NTLM + IE + POST data got you down?

Keith Gable — Mon, 22 Sep 2008 17:47:00 -0500

For some reason, when using NTLM authentication on Apache through the mod_auth_sspi module (combined with SSL, but that might not be a requirement), Internet Explorer will refuse to send POST data along with a request at random points in time. It will still send a POST request, but it just doesn’t send data.

This seems to only affect IE users on domains with Integrated Windows Authentication (IWA). My CrossOver-emulated IE6 works fine with Basic authentication over the secure site we have set up doing IWA (of course I have to type in my credentials). But my Windows machine authenticating using IWA drops POST data!

After tireless Googling, I think I have a solution. It sucks, but it’s the best I can do. Suggestions welcome:

SetEnvIf User-Agent ".*MSIE.*" ssl-unclean-shutdown
MaxKeepAliveRequests 1

What this does is for MSIE, it tells mod_ssl to uncleanly shutdown. And it makes KeepAlive/HTTP Pipelining on, but only for one request. With KeepAlive turned off, IE doesn’t work at all. It gives a “Page Cannot be Displayed” error… probably because it’s attempting to NTLM authenticate, lost the socket, and dies.

What’s this mean for everyone else that follows the rules? They don’t get any benefit from HTTP pipelining. Which totally sucks. So hopefully you don’t have this problem…

"Windows + Apache + SSPI + SSL + NTLM + IE + POST data got you down?" by gnome

Fri, 21 Nov 2008 09:57:07 -0600

Thank you! Finally a solution. This has been driving me nuts.

The Ignition Project: Windows + Apache + SSPI + SSL + NTLM + IE + POST data got you down?

Windows + Apache + SSPI + SSL + NTLM + IE + POST data got you down?

"Windows + Apache + SSPI + SSL + NTLM + IE + POST data got you down?" by gnome