Re: mod_authz_core: More control over the authz failed response
On 22 Sep 2017, at 12:12 PM, Yann Ylavic wrote:

> I think:
> ErrorDocument 403 https://somewhere/
> should work.

It does indeed!

https://httpd.apache.org/docs/2.4/mod/core.html#errordocument

Regards,
Graham
—
Re: mod_authz_core: More control over the authz failed response
On Fri, Sep 22, 2017 at 12:05 PM, Graham Leggett wrote:
> On 22 Sep 2017, at 12:04 PM, Yann Ylavic wrote:
>
>>> So. I want to be able to send a 302 Temporary Redirect on authz failure,
>>> rather than a 403.
>>
>> Doesn't ErrorDocument work?
>
> I don’t follow, how would ErrorDocument change the response code from 403 to
> 302?

I think:
    ErrorDocument 403 https://somewhere/
should work.

>
> Regards,
> Graham
> —
>
Re: mod_authz_core: More control over the authz failed response
On 22 Sep 2017, at 12:04 PM, Yann Ylavic wrote:

>> So. I want to be able to send a 302 Temporary Redirect on authz failure,
>> rather than a 403.
>
> Doesn't ErrorDocument work?

I don’t follow, how would ErrorDocument change the response code from 403 to 302?

Regards,
Graham
—
Re: mod_authz_core: More control over the authz failed response
Hi Graham,

On Fri, Sep 22, 2017 at 11:57 AM, Graham Leggett wrote:
>
> So. I want to be able to send a 302 Temporary Redirect on authz failure,
> rather than a 403.

Doesn't ErrorDocument work?

Regards,
Yann.
mod_authz_core: More control over the authz failed response
Hi all,

I am currently struggling with Safari’s behaviour where it re-asks for a user certificate if the server accepted optional certificates but returned 403 Forbidden.

I want the server to send the end user something sensible to explain what they should do, rather than just have their browser ask for a certificate they don’t have over and over (or they do have but they aren’t authorized).

So. I want to be able to send a 302 Temporary Redirect on authz failure, rather than a 403.

Looking at mod_authz_core, we have the option to change a 401 response to a 403 response using AuthzSendForbiddenOnFailure, but I’d like more than that.

I’m imagining an AuthzForbiddenResponse directive, which would override default behaviour as follows:

AuthzForbiddenResponse 401
AuthzForbiddenResponse unauthorized
AuthzForbiddenResponse 403
AuthzForbiddenResponse forbidden
AuthzForbiddenResponse 302 [url-expression]
AuthzForbiddenResponse redirect [url-expression]

Does this sound sensible?

Regards,
Graham
—