httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joshua Slive <jsl...@gmail.com>
Subject Re: [users@httpd] How to prevent AuthBasic login pop-up after first failed login attempt
Date Thu, 13 Oct 2005 13:32:37 GMT
On 10/13/05, Martin Knoblauch <spamtrap@knobisoft.de> wrote:
> Hi,
>
>  for a secured webserver, I have the following setup/requirements
>
> a) HTTPS access only
> b) Clients need certificate
> c) for different parts of the site, I want to restrict access to
> certain certificates.
>
>  a) and b) work great. c) works mostly. I am using the SSLOption
> "FakeBasicAuth" to extract the DN from the certificate and check them
> against a htpasswd file. This works as expected when one of the
> "valid-users" is trying to request the page. If one with a valid
> certificate, but nonmatching DN comes along he is not let in (GOOD !!),
> but gets the log in pop-up (BAD !!). In that case I would like to
> immediately send the "forbidden" response. Is than possible at all?

This is just a guess, since I have never used FakeBasicAuth, but you might try
ErrorDocument 401 http://yoursite.example.com/errorpage.html
This will probably generate a warning in the error_log, since 401
error documents aren't supposed to be absolute URLs.  But in this
case, the effect of hiding the 401 status code is exactly what you
want, so you can ignore the warning.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message