> I'm getting quite a few requests like this:
>
> 00:38:13 202.109.105.67 GET /default.ida 401
> ...
> Interestingly though, my server is password protected. Does
> IIS log the request even if the page doesn't exist, and even
> if it did, couldn't be access due to the password protection
> anyway?
Yes, IIS logs every request, whether or not the request is successful - as
you can see, your server is returning a 401 status code indicating the need
to authenticate first, not a 200, which is what you'd get for a successful
request.
When you use a browser to request a URL that requires authentication, the
process looks like this.
1. Your browser sends the request:
GET /securedpage.html HTTP/1.1
...
2. The server returns a 401 status code.
3. Your browser displays a password prompt.
4. The browser sends the request again, this time with the authentication
info tacked onto the request.
Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
voice: (202) 797-5496
fax: (202) 797-5444
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
