httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Michael Smith <...@iii.co.uk>
Subject Re: denying access without challenging?
Date Wed, 26 Nov 1997 10:36:56 GMT
Marc Slemko wrote:

> But do you still want users who don't send any auth to be prompted?
>
> If not, all you need is the appropriate ErrorDocument redirect to
> something that doesn't send a 401 to the client.
>

Yyyyyyyyyup, but don't I have to send a 401 to persuade the client to send
authentication in the first place?  Just tracking through some log files, the
first time a user goes to a new protected directory, there is a 401 line in
access_log before the client sends the authetication string over.  Maybe this
wouldn't happen if bar was a subdirectory of foo.

> If you want to distinguish between clients that do try to send some auth
> and those that don't, you may be able to do it with mod_rewrite in
> combination with an ErrorDocument.

I guess that if they don't send authentication, I want them to, but if they
do and it's wrong, then I'll accept it but treat it differently.  I can see
how this might be possible with mod_rewrite and ErrorDocument, though a bit
messy.  I'll have a go though ...

Cheers

Mike


> On Tue, 25 Nov 1997, Michael Smith wrote:
>
> > Greetings,
> >
> > It is possible in apache to deny access to users without actually
> > prompting them for a username/password.  For example, suppose I have two
> > directories
> >
> > foo
> > in which I use require valid-user - so all users can access foo
> >
> > bar
> > in which I use require group barusers
> >
> > Such that barusers is a subset of valid-users.  What I would ideally
> > like to happen is that when a user who is not in grou barusers tries to
> > access this directory, they see some message like "sorry, you don't have
> > permission to look here", but don't get prompted for an alternative
> > username/password first.  Using directives as I've indicated above
> > results in the user being challenged.  I was thinking that maybe what I
> > would need to do is to just have require valid-user in bar, but have
> > RewriteRules which are conditional on the group - but I don't think that
> > this is possible.
>




Mime
View raw message