On 2/13/06, Frederick, Fabian <Fabian.Frederick@xxxxxxxxxxxxx> wrote: > This method works but I'd like to avoid access _only_ without authentification : > http://site returns 401 with www-auth > > ... But I'm surprised http://user:password@site works in 2 phases : > > 1.Server returns 401 (why?) > 2.Account is logged; server returns 302 > > How can I recognize http://site from the second http://user:password@site ? Is it possible from cgi to check complete url ? The http://user:password@site thing is completely non-standard and doesn't work at all in most browsers, as far as I know. So how it works in your particular case would depend on the browser's actions, not the servers. Obviously your browser is not sending the credentials until after it receives a 401, which is the standard way to do things in general, but is a little strange given that the browser knows the credentials. Joshua. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|