httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Random Junk <>
Subject Re: denying access without challenging?
Date Wed, 26 Nov 1997 18:01:43 GMT
Michael Smith writes:
> Yyyyyyyyyup, but don't I have to send a 401 to persuade the client to send
> authentication in the first place?  Just tracking through some log files, the
> first time a user goes to a new protected directory, there is a 401 line in
> access_log before the client sends the authetication string over.  Maybe this
> wouldn't happen if bar was a subdirectory of foo.

no, it always happens.  user requests /foo/bar with no authorize
header (because how do they know they need to send one?  they don't.)
so the server sends back 401.  browser puts up box.  user enters info,
resends exact same request for /foo/bar but with authorize header.

    Jon Drukman      SpotMedia Communications
This calls for a very special blend of psychology and extreme violence.

View raw message