It's something a lot of people are bumping on. 401 HTTP covers both failed and missing authentication but isn't possible for Nginx to differentiate those states and thus only generate an error message on a failed (ie not empty credentials, either user or password containing something) attempt? That would make the error log more efficient as parsing it would provide more directly failed attempt to access a particular resource.
Is it the standard way of doing things or is it your own? Are there some use cases or reasons against differentiating 401 answers? --- *B. R.*
_______________________________________________ nginx mailing list [email protected] http://mailman.nginx.org/mailman/listinfo/nginx
