Re: [users@httpd] How to prevent AuthBasic login pop-up after first failed login attempt

--- Joshua Slive <jslive@xxxxxxxxx> wrote:

> On 10/13/05, Martin Knoblauch <spamtrap@xxxxxxxxxxxx> wrote:
> > Hi,
> >
> >  for a secured webserver, I have the following setup/requirements
> >
> > a) HTTPS access only
> > b) Clients need certificate
> > c) for different parts of the site, I want to restrict access to
> > certain certificates.
> >
> >  a) and b) work great. c) works mostly. I am using the SSLOption
> > "FakeBasicAuth" to extract the DN from the certificate and check them
> > against a htpasswd file. This works as expected when one of the
> > "valid-users" is trying to request the page. If one with a valid
> > certificate, but nonmatching DN comes along he is not let in (GOOD !!),
> > but gets the log in pop-up (BAD !!). In that case I would like to
> > immediately send the "forbidden" response. Is that possible at all?
> 
> This is just a guess, since I have never used FakeBasicAuth, but you
> might try
> ErrorDocument 401 http://yoursite.example.com/errorpage.html
> This will probably generate a warning in the error_log, since 401
> error documents aren't supposed to be absolute URLs.  But in this
> case, the effect of hiding the 401 status code is exactly what you
> want, so you can ignore the warning.
> 
> Joshua.
> 

 Sorry, but that does not help. On startup httpd tells me that
ErrorDocuments cannot be URLs (notice level) and the behaviour stays
the same.

 Looking a bit more on this I would say that instead of sending 401, I
want to send 403 in the described case.

 I just found a kind of very ugly workaround. If I add:

AuthAuthoritative   Off

 to the section, the server will reply with 500. Not sure whether this
is just a "feature", but it solves the reappearing pop-up problem.


Thanks
Martin 


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
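
Added example, not part of the original thread and not the posters' configuration: the FakeBasicAuth setup described above next to one way of making the certificate check an authorization decision with mod_ssl's SSLRequire, which answers 403 with no Basic-auth challenge. The location paths, the htpasswd path and the O/CN values are constructed placeholders, and the virtual host is assumed to already configure its certificate and SSLCACertificateFile.

```apache
# Added example; paths and DN values below are constructed placeholders.

# Before: the setup described in the thread.
# FakeBasicAuth turns the client certificate's subject DN into a Basic-auth
# user name, which is then looked up in the htpasswd file. A valid
# certificate whose DN is not in the file is treated as a failed login,
# so the server answers 401 with WWW-Authenticate and the browser opens
# its login dialog.
<Location /restricted-fakebasic>
    SSLRequireSSL
    SSLVerifyClient require
    SSLOptions      +FakeBasicAuth
    AuthType        Basic
    AuthName        "Certificate users"
    AuthUserFile    /path/to/htpasswd
    Require         valid-user
</Location>

# After: no Basic authentication is involved at all.
# SSLRequire evaluates the certificate fields during access checking and
# denies the request with 403 Forbidden when the expression is false.
# StrictRequire keeps that denial final even if a "Satisfy any" elsewhere
# would otherwise let the request through.
<Location /restricted-sslrequire>
    SSLRequireSSL
    SSLVerifyClient require
    SSLOptions      +StrictRequire
    SSLRequire      %{SSL_CLIENT_S_DN_O} eq "Example Corp" \
                and %{SSL_CLIENT_S_DN_CN} in {"Alice Example", "Bob Example"}
</Location>
```

The mod_ssl documentation marks SSLRequire as deprecated from httpd 2.4 onward in favour of `Require expr`.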


