httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Roy T. Fielding" <field...@avron.ICS.UCI.EDU>
Subject Re: hmmm...
Date Sat, 06 May 1995 13:28:06 GMT
> This might be bad form to complain about this functionality this late in 
> the game, but conceptually I have a hard time justifying the 
> two-web-log-hits effect of error response redirects.  I.e., when I access 
> a protected area under a bogus username/password:
> 
> fully - asdfsaf [19/Apr/1995:01:03:05 -0700] "GET /Login/ HTTP/1.0" 401 -
> fully - asdfsaf [19/Apr/1995:01:03:05 -0700] "GET /401.html" 200 703
> 
> The problem is that the second one, when not in the context of the first, 
> looks like a valid user "asdfsaf" accessed a page under authentication.
> I'd have to tell my scripts "no, no, toss out all accesses to 401.html 
> before doing any user-based analysis".
> 
> What do people think?

I think this is a bug.  The common logfile format was intended to
log user requests, not server actions.  Saying that the server received
a request "GET /401.html" is lying.

......Roy
      584 messages down, 1109 to go  (geez, if I could just get people
                                      to stop work for a while...)

Mime
View raw message