I'm trying to determine the correct way to use the FcgidAccessChecker directive. Unfortunately, the documentation is very sparse in this area. I've been assuming that it should conform to the Fast CGI Specification section "6.3 Authorizer". <URL:http://www.fastcgi.com/drupal/node/6?q=node/22#S6.3> I have succeeded in getting mod_fcgid to recognize a successful access check by returning a "Status: 200 OK" line and no other header lines. However, it's not at all clear from the mod_fcgid how an application can cause something different to happen when access is denied. Section 6.3 of the specification says, 'For Authorizer response status values other than "200" (OK), the Web server denies access and sends the response status, headers, and content back to the HTTP client.' My understanding is that the authorizer application should be able to return any response in exactly the same way that a normal responder application would and if the response code is not 200, Apache will send that entire response to the client. This would allow the application to display an error page or redirect the client to an authentication page. However, this is definitely not what mod_fcgid is doing. If the application returns "Status: 400 Bad Request" and nothing else, Apache sends a response starting with "HTTP/1.1 401 Authorization Required" and the body is a generic error document that Apache must have generated internally. While mod_fcgid seems to ignore everything in the authorizer's response apart from response code when that code is not 200, when it is 200, mod_fcgid uses a "Location" header line in subsequent processing. Is this the only mechanism to control what happens on an access check failure? -- Jonathan Ross Rogers --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|