
apache2 does not deny access though PerlAuthenHandler returns HTTP_UNAUTHORIZED


Hi List,

I wrote a PerlAuthenHandler to authenticate users that access a webservice. I supposed that by returning either "OK" or "HTTP_UNAUTHORIZED" back to apache2 it will allow or deny access due to the "require valid-user" directive that I set.
My problem is that apache executes my handler, but it does not take care of my return-values. Instead it always serves the request and grants access.

Any ideas?

Thanks in advance,
Moritz

Section of my apache-configuration:
--- BEGIN ---
    PerlModule FOO::Auth
    <Location /bar>
        # do authentication:
        PerlAuthenHandler FOO::Auth::authen_handler
        AuthName "experimental server"
        AuthType Basic
        Require valid-user
    </Location>
--- END ---

Code of my handler-module:
--- BEGIN ---
package FOO::Auth;

use Data::Dumper;
use Apache::RequestRec;
use Apache::Access;
use Apache::Log;
use Apache::Const -compile => qw(OK DECLINED HTTP_UNAUTHORIZED FORBIDDEN);
use Apache::RequestUtil ();

sub authen_handler {
    my $r = shift;

    # get user's authentication credentials
    my ($res, $sent_pw) = $r->get_basic_auth_pw;
    return $res if $res != Apache::Const::OK;

    my $user = $r->user;

    print STDERR "$user -> $sent_pw\n";

    if ($user eq "mytestuser") {
        return OK;
    } else {
        $r->note_basic_auth_failure;
        $r->log_reason("wrong login", $r->uri);
        return HTTP_UNAUTHORIZED;
    }
}

1;
--- END ---

extract of apache2 error-log:
--- BEGIN ---
notmytestuser -> sad
[Tue May 15 15:53:34 2007] [error] access to /bar/index.php failed for xxx.xxx.xxx.xxx, reason: wrong login
--- END ---
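
The following is an added example, not part of the original post. It shows a Perl behaviour that matches the symptom above: constants loaded with `-compile` are not imported, so in a module without `use strict` the unqualified `OK` and `HTTP_UNAUTHORIZED` are plain bareword strings, not status codes. Assumptions: `StandIn::Const`, `Demo::Loose`, `Demo::Strict` and `as_status` are hypothetical names so the script runs without mod_perl, and the server is assumed to end up treating a non-numeric return value as status 0.

```perl
#!/usr/bin/perl
# Constructed stand-in for Apache::Const loaded with -compile: the constants
# exist only under their fully qualified names and are never imported.
package StandIn::Const;
use constant { OK => 0, HTTP_UNAUTHORIZED => 401 };

# Mirrors the posted handler: no "use strict", unqualified constant names.
package Demo::Loose;
sub authen_handler {
    my ($user) = @_;
    return OK if $user eq "mytestuser";   # bareword: the string "OK"
    return HTTP_UNAUTHORIZED;             # bareword: the string "HTTP_UNAUTHORIZED"
}

# Hardened form: strict enabled, constants referenced by qualified name.
# Under strict, an unqualified OK would stop compilation with
# 'Bareword "OK" not allowed while "strict subs" in use'.
package Demo::Strict;
use strict;
use warnings;
sub authen_handler {
    my ($user) = @_;
    return StandIn::Const::OK if $user eq "mytestuser";
    return StandIn::Const::HTTP_UNAUTHORIZED;
}

package main;
use strict;
use warnings;

# Assumption: a non-numeric return value ends up as status 0 on the server
# side; modelled here with Perl's own string-to-number conversion.
sub as_status {
    my ($rv) = @_;
    no warnings 'numeric';
    return int($rv);
}

for my $user (qw(mytestuser notmytestuser)) {
    my $loose  = Demo::Loose::authen_handler($user);
    my $strict = Demo::Strict::authen_handler($user);
    printf "%-14s loose returned '%s' (status %d), strict returned status %d\n",
        $user, $loose, as_status($loose), as_status($strict);
}
```

For the rejected user the loose handler yields status 0, the same value as `OK`, while the strict handler yields 401.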


