Return-Path: 
 <users-return-49793-apmail-httpd-users-archive=httpd.apache.org@httpd.apache.org>
Delivered-To: apmail-httpd-users-archive@www.apache.org
Received: (qmail 8017 invoked from network); 15 Feb 2005 01:57:15 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199)
  by minotaur-2.apache.org with SMTP; 15 Feb 2005 01:57:15 -0000
Received: (qmail 6558 invoked by uid 500); 15 Feb 2005 01:57:06 -0000
Delivered-To: apmail-httpd-users-archive@httpd.apache.org
Received: (qmail 6543 invoked by uid 500); 15 Feb 2005 01:57:06 -0000
Mailing-List: contact users-help@httpd.apache.org; run by ezmlm
Precedence: bulk
Reply-To: users@httpd.apache.org
list-help: <mailto:users-help@httpd.apache.org>
list-unsubscribe: <mailto:users-unsubscribe@httpd.apache.org>
list-post: <mailto:users@httpd.apache.org>
Delivered-To: mailing list users@httpd.apache.org
Received: (qmail 6530 invoked by uid 99); 15 Feb 2005 01:57:06 -0000
X-ASF-Spam-Status: No, hits=1.6 required=10.0
	tests=FORGED_RCVD_HELO,RCVD_NUMERIC_HELO
X-Spam-Check-By: apache.org
Received-SPF: pass (hermes.apache.org: local policy)
Received: from nedron.net (HELO nedron.net) (64.62.230.232)
  by apache.org (qpsmtpd/0.28) with SMTP; Mon, 14 Feb 2005 17:57:05 -0800
Received: from 65.60.190.216 ([65.60.190.216]) by nedron.net for
 <users@httpd.apache.org>; Mon, 14 Feb 2005 17:56:58 -0800
Mime-Version: 1.0 (Apple Message framework v619.2)
Content-Transfer-Encoding: 7bit
Message-Id: <521f953e9c8f389d7208b49456d53c17@nedron.net>
Content-Type: text/plain; charset=US-ASCII; format=flowed
To: users@httpd.apache.org
From: David Nedrow <listbox@nedron.net>
Date: Mon, 14 Feb 2005 20:57:02 -0500
X-Mailer: Apple Mail (2.619.2)
X-Virus-Checked: Checked
Subject: [users@httpd] Redirect question...
X-Spam-Rating: minotaur-2.apache.org 1.6.2 0/1000/N

We are using Netegrity's SiteMinder product to authenticate internal 
users. It's an apache module that redirects users to a main 
authentication server, which auth's them, and returns them BACK to the 
original server.

Internally, we also run Nessus to scan hosts for security issues. There 
are a number of tests Nessus does that test for specific URLs. However, 
because of the initial redirect every URL test is positive.

Here's the question:

Is there any way to add some type of URL specific directive to the 
httpd conf that would return a 404 >before< handing off valid requests 
to the authentication server?

-David


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org