httpd-test-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jacek Prucia <>
Subject Re: [PATCH] flood: basic user auth
Date Fri, 06 Sep 2002 10:25:43 GMT
On Thu, 5 Sep 2002 10:04:59 -0700
Aaron Bannert <> wrote:

> On Wed, Sep 04, 2002 at 10:43:51AM -0700, Justin Erenkrantz wrote:
> > > ...and react to WWW-Authenticate header
> I missed this part of the discussion the other day. I think it would
> be useful to allow for certain types of dynamic urllist manipulation,
> but I don't think in general we want to support automatic 302
> redirection. Either you are checking for the 302 response and the next
> entry in your urllist is the same url that came back with the 302, or
> your app wasn't supposed to return 302. (I tend to think that
> gratuitous 302's are errors.)
> An even more complicated example is how flood should deal with the
> WWW-Authenticate stuff, as suggested above. I tend to think that flood
> should be able to both check that the auth was required, and that some
> supplied credentials were accepted.

Aye. That is the main reason for urllist juggling. Automatic handling of
redirects it's just a benefit.

> I guess in both cases as long as it can be controlled whether to do
> automatic 302s or supply auth information, then that's fine. I just
> tend to think that we don't need it to be automatic.

I think it would be nice for flood to follow HTTP RFC, just to be 'HTTP
compilant client'. Apache HTTPD server follows HTTP RFC, and flood
schouldn't be threated as 'worse' kind of software, that doesn't have to
do that. So, how about making flood a little bit more HTTP RFC
compilant? :)

OTOH I somehow agree with Aaron. I think flood autmatic behaviour
schould be an option. Something like 'mimic browser'. We could then use
dynamic urllists for other things (like fetching all img's and embed's
from response and so on).

Jacek Prucia S.A.

View raw message