Issue with HttpAuthDigestModule

Francis Daly francis at
Sat Mar 9 17:58:56 UTC 2013

On Fri, Mar 08, 2013 at 06:41:46PM -0500, redleaderuk wrote:

Hi there,

> I think I've found the actual problem: having a querystring at the end of
> the URL stops the HttpAuthDigiestModule from working correctly.

> Can anyone shed any light on this please?  I hope it's something I can fix
> via the config file but perhaps it's simply a limitation with the module
> itself?

It looks to me like a problem with this third-party module.

It calculates a hash over r->uri, and compares it with the hash that the
browser calculated over its idea of the request. If you replace r->uri
with r->unparsed_uri and recompile, it will work for more requests.

The "right" fix is probably to use fields->uri instead, and then also
make sure that fields->uri and r->unparsed_uri correspond to the same
thing. That (in theory) should work for all requests, but would also
take longer to do right.

Francis Daly        francis at

More information about the nginx mailing list