remote_user and remote_password for custom http authentication?
Jed Schmidt
tr at nslator.jp
Mon Oct 15 10:19:54 MSD 2007
Roxis,
Thanks for pointing that out. I didn't realize that browsers actually
check first to see whether authorization is required. I've added this
rule to my location:
location / {
if ($http_authorization !~ ^Basic) {
add_header 'WWW-Authenticate' 'Basic realm="Restricted"';
return 401;
}
perl mymodule::auth;
}
and it returns the 401 correctly if there is no Authorization header,
but fails to add the WWW-Authenticate header. According to the
documentation, the add_header directive "adds headers to the HTTP
response when the response code is equal to 200, 204, 301, 302 or
304." Is the header being left off because it's a 401?
Thanks again for your help, guys.
Jed
On 10/15/07, Roxis <roxis at list.ru> wrote:
> On Sunday 14 October 2007, Jed Schmidt wrote:
> > curl http://user:pass@72.44.41.145/beta/authcheck.html
> >
> > I get
> >
> > http_authorization: Basic dXNlcjpwYXNz
> >
> > But when I use Firefox or Safari to get _the_same_URL_, I get
> >
> > http_authorization:
> >
> > I am totally at a loss. Would someone mind giving this URL a try and
> > tell me what I'm doing wrong?
>
> you url does not require an authorization, that why some browsers don't auth
>
>
More information about the nginx
mailing list