You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Graham Leggett <mi...@sharp.fm> on 2017/09/22 09:57:41 UTC
mod_authz_core: More control over the authz failed response
Hi all,
I am currently struggling with Safari’s behaviour where it re-asks for a user certificate if the server accepted optional certificates but returned 403 Forbidden. I want the server to send the end user something sensible to explain what they should do, rather than just have their browser ask for a certificate they don’t have over and over (or they do have but they aren’t authorized).
So. I want to be able to send a 302 Temporary Redirect on authz failure, rather than a 403.
Looking at mod_authz_core, we have the option to change a 401 response to a 403 response using AuthzSendForbiddenOnFailure, but I’d like more than that.
I’m imagining a AuthzForbiddenResponse directive, which would override default behaviour as follows:
AuthzForbiddenResponse 401
AuthzForbiddenResponse unauthorized
AuthzForbiddenResponse 403
AuthzForbiddenResponse forbidden
AuthzForbiddenResponse 302 [url-expression]
AuthzForbiddenResponse redirect [url-expression]
Does this sound sensible?
Regards,
Graham
—
Re: mod_authz_core: More control over the authz failed response
Posted by Graham Leggett <mi...@sharp.fm>.
On 22 Sep 2017, at 12:12 PM, Yann Ylavic <yl...@gmail.com> wrote:
> I think:
> ErrorDocument 403 https://somewhere/
> should work.
It does indeed!
https://httpd.apache.org/docs/2.4/mod/core.html#errordocument
Regards,
Graham
—
Re: mod_authz_core: More control over the authz failed response
Posted by Yann Ylavic <yl...@gmail.com>.
On Fri, Sep 22, 2017 at 12:05 PM, Graham Leggett <mi...@sharp.fm> wrote:
> On 22 Sep 2017, at 12:04 PM, Yann Ylavic <yl...@gmail.com> wrote:
>
>>> So. I want to be able to send a 302 Temporary Redirect on authz failure, rather than a 403.
>>
>> Doesn't ErrorDocument work?
>
> I don’t follow, how would ErrorDocument change the response code from 403 to 302?
I think:
ErrorDocument 403 https://somewhere/
should work.
>
> Regards,
> Graham
> —
>
Re: mod_authz_core: More control over the authz failed response
Posted by Graham Leggett <mi...@sharp.fm>.
On 22 Sep 2017, at 12:04 PM, Yann Ylavic <yl...@gmail.com> wrote:
>> So. I want to be able to send a 302 Temporary Redirect on authz failure, rather than a 403.
>
> Doesn't ErrorDocument work?
I don’t follow, how would ErrorDocument change the response code from 403 to 302?
Regards,
Graham
—
Re: mod_authz_core: More control over the authz failed response
Posted by Yann Ylavic <yl...@gmail.com>.
Hi Graham,
On Fri, Sep 22, 2017 at 11:57 AM, Graham Leggett <mi...@sharp.fm> wrote:
>
> So. I want to be able to send a 302 Temporary Redirect on authz failure, rather than a 403.
Doesn't ErrorDocument work?
Regards,
Yann.