remote_user and remote_password for custom http authentication?

Jed Schmidt tr at nslator.jp
Mon Oct 15 10:19:54 MSD 2007


Roxis,

Thanks for pointing that out. I didn't realize that browsers actually
check first to see whether authorization is required. I've added this
rule to my location:

location / {
   if ($http_authorization !~ ^Basic) {
      add_header   'WWW-Authenticate'   'Basic realm="Restricted"';
      return 401;
   }
   perl  mymodule::auth;
}

and it returns the 401 correctly if there is no Authorization header,
but fails to add the WWW-Authenticate header. According to the
documentation, the add_header directive "adds headers to the HTTP
response when the response code is equal to 200, 204, 301, 302 or
304." Is the header being left off because it's a 401?

Thanks again for your help, guys.

Jed

On 10/15/07, Roxis <roxis at list.ru> wrote:
> On Sunday 14 October 2007, Jed Schmidt wrote:
> > curl http://user:pass@72.44.41.145/beta/authcheck.html
> >
> > I get
> >
> > http_authorization: Basic dXNlcjpwYXNz
> >
> > But when I use Firefox or Safari to get _the_same_URL_, I get
> >
> > http_authorization:
> >
> > I am totally at a loss. Would someone mind giving this URL a try and
> > tell me what I'm doing wrong?
>
> you url does not require an authorization, that why some browsers don't auth
>
>





More information about the nginx mailing list