Pradeep K. Pant Blog

 

Solving the authentication problem while opening Office documents hosted on Apache in IE8/IE9 on Windows 7

We were facing a problem in IE 8/9 on Windows 7 when accessing Office 2007/Office 2010 documents hosted on Apache/CentOS 4.6. After some analysis I found the reason and finally arrived at a fix. My findings and solution are below. Hope this helps:

The main issue is with Microsoft's way of implementing the WebDAV protocol for accessing web content through the Microsoft Web Client. When we click on an Office document, the Web Client sends an HTTP/1.1 OPTIONS request to the server to check for WebDAV support (my server doesn't have WebDAV). In response, Apache returns a 200 OK response to the Web Client, which results in Windows 7 prompting with the authentication screen. IE does have an option to pass the login credentials automatically, but that would be a security breach because you would be exposing your machine's authentication to the internet, so I would not prefer that. The best way is to configure Apache to reject these requests. This is how I solved it. These changes need to be made in the httpd.conf file in the /etc/httpd/conf folder (CentOS 4.6).

# One way of doing it – deny access based on request method

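[code lang="js"]
RewriteEngine On
# Match the WebDAV discovery methods sent by the Web Client
RewriteCond %{REQUEST_METHOD} ^(OPTIONS|PROPFIND)$ [NC]
# ^.*$ matches every URL path; "-" means no substitution, only the flags apply
RewriteRule ^.*$ - [F,L]
[/code]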
# Another way of implementing it – deny access based on user agent (Vista and Windows 7 use the same user agent with a different version, so this regex should work for both)
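[code lang="html"]
RewriteEngine On
# Match the user agent string sent by the Windows WebDAV Web Client
RewriteCond %{HTTP_USER_AGENT} ^Microsoft-WebDAV-MiniRedir
# ^.*$ matches every URL path; "-" means no substitution, only the flags apply
RewriteRule ^.*$ - [F,L]
[/code]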
Explanation on Flags:

  1. The [F] flag causes the server to return a 403 Forbidden status code to the client.

  2. The [NC] flag causes the pattern to be matched in a case-insensitive manner. That is, it doesn't care whether letters appear as upper-case or lower-case. In the first rule above it is set on the RewriteCond, so it applies to the request method comparison.

  3. The [L] flag causes mod_rewrite to stop processing the rule set. In most contexts, this means that if the rule matches, no further rules will be processed. This corresponds to the last command in Perl.
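
To confirm the rule is taking effect, the access log can be checked for WebDAV probes that were still answered with something other than 403. The script below is an added example, not part of the original post; it assumes Apache's "combined" log format, and the sample log lines are constructed for illustration.

```python
import re
from collections import Counter

# Apache "combined" format:
# host ident user [time] "request" status bytes "referer" "user-agent"
COMBINED = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<agent>[^"]*)"$'
)
# The same two conditions used in the RewriteCond lines of this post.
DAV_METHOD = re.compile(r'^(OPTIONS|PROPFIND)$', re.IGNORECASE)
DAV_AGENT = re.compile(r'^Microsoft-WebDAV-MiniRedir')


def audit(lines):
    """Return (status counts for WebDAV probes, probes that were not refused)."""
    statuses, unblocked = Counter(), []
    for line in lines:
        m = COMBINED.match(line.strip())
        if not m:
            continue  # not a combined-format line, ignore it
        if DAV_METHOD.match(m['method']) or DAV_AGENT.match(m['agent']):
            statuses[m['status']] += 1
            if m['status'] != '403':
                unblocked.append((m['host'], m['method'], m['path'], m['status']))
    return statuses, unblocked


# Constructed sample: one probe logged before the rule was added (200),
# a normal document download, and three probes logged after the rule (403).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Mar/2012:10:01:02 +0000] "OPTIONS /docs/ HTTP/1.1" 200 - "-" "Microsoft-WebDAV-MiniRedir/6.1.7601"',
    '192.0.2.10 - - [12/Mar/2012:10:01:03 +0000] "GET /docs/report.docx HTTP/1.1" 200 48211 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)"',
    '192.0.2.10 - - [12/Mar/2012:11:30:00 +0000] "OPTIONS /docs/ HTTP/1.1" 403 202 "-" "Microsoft-WebDAV-MiniRedir/6.1.7601"',
    '192.0.2.11 - - [12/Mar/2012:11:31:10 +0000] "PROPFIND /docs HTTP/1.1" 403 202 "-" "Microsoft-WebDAV-MiniRedir/6.0.6002"',
    '192.0.2.12 - - [12/Mar/2012:11:32:45 +0000] "OPTIONS /docs/ HTTP/1.1" 403 202 "-" "Microsoft Office Protocol Discovery"',
]

if __name__ == '__main__':
    counts, leaks = audit(SAMPLE_LOG)
    print('probe status counts:', dict(counts))
    for host, method, path, status in leaks:
        print('NOT BLOCKED: %s %s %s -> %s' % (host, method, path, status))
```

Any "NOT BLOCKED" entry dated after the configuration change means the rule is not being applied to that request, for example because it sits in a context that does not cover the requested path.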

 Some References:

Microsoft knowledge article on authentication requests from office documents 

Apache mod_rewrite rule documentation

Fiddler tool for debugging HTTP requests



 

 

Copyright © 2007-2024 PRADEEP K. PANT
