Hello! On Sun, Oct 20, 2013 at 05:17:37PM -0400, B.R. wrote:
> It's something a lot of people are bumping on. > > 401 HTTP covers both failed and missing authentication but isn't possible > for Nginx to differentiate those states and thus only generate an error > message on a failed (ie not empty credentials, either user or password > containing something) attempt? > That would make the error log more efficient as parsing it would provide > more directly failed attempt to access a particular resource. > > Is it the standard way of doing things or is it your own? > Are there some use cases or reasons against differentiating 401 answers? The difference is already here. The message "no user/password was provided for basic authentication", as in original message, means exactly that: there are no credentials provided. On failed authentication, the "user ...: password mismatch" message is logged. On unknown user, the "user ... was not found in ..." message is logged. It might make sense to downgrade the "no user/password ..." message severity. Not sure though. -- Maxim Dounin http://nginx.org/en/donation.html _______________________________________________ nginx mailing list [email protected] http://mailman.nginx.org/mailman/listinfo/nginx
