Re: mod_authz_core: More control over the authz failed response

2017-09-22 Thread Graham Leggett
On 22 Sep 2017, at 12:12 PM, Yann Ylavic wrote:

> I think:
>  ErrorDocument 403 https://somewhere/
> should work.

It does indeed!

https://httpd.apache.org/docs/2.4/mod/core.html#errordocument

Regards,
Graham
—
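
The behaviour confirmed in this reply, as an added example that is not part of the original thread: a virtual host that accepts optional client certificates and uses a full URL in `ErrorDocument 403`, next to a location that uses a local path. Host names, file paths and the help URL are placeholders chosen for illustration.

```apache
# Added example; host names, paths and URLs are placeholders.
<VirtualHost *:443>
    ServerName app.example.org
    SSLEngine on
    SSLCertificateFile    "/etc/httpd/tls/server.crt"
    SSLCertificateKeyFile "/etc/httpd/tls/server.key"

    # Ask for a client certificate, but let the handshake succeed without one.
    SSLCACertificateFile  "/etc/httpd/tls/client-ca.crt"
    SSLVerifyClient optional

    <Location "/secure">
        # Authorization fails with 403 when no valid client certificate was presented.
        Require ssl-verify-client

        # A full URL makes httpd answer with a redirect to that URL instead of
        # sending the 403 status itself. Keep the target outside /secure so the
        # redirected request is not denied again.
        ErrorDocument 403 https://help.example.org/client-cert/
    </Location>

    <Location "/internal">
        Require ssl-verify-client

        # Contrast: a local path is served in place and the client still
        # receives status 403.
        ErrorDocument 403 /errors/cert-help.html
    </Location>
</VirtualHost>
```

With this in place, a request to `/secure` without a client certificate returns a 302 with a `Location` header, while the same request to `/internal` returns 403 with the help page as the body.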





Re: mod_authz_core: More control over the authz failed response

2017-09-22 Thread Yann Ylavic
On Fri, Sep 22, 2017 at 12:05 PM, Graham Leggett wrote:
> On 22 Sep 2017, at 12:04 PM, Yann Ylavic wrote:
>
>>> So. I want to be able to send a 302 Temporary Redirect on authz failure, 
>>> rather than a 403.
>>
>> Doesn't ErrorDocument work?
>
> I don’t follow, how would ErrorDocument change the response code from 403 to 
> 302?

I think:
  ErrorDocument 403 https://somewhere/
should work.

>
> Regards,
> Graham
> —
>


Re: mod_authz_core: More control over the authz failed response

2017-09-22 Thread Graham Leggett
On 22 Sep 2017, at 12:04 PM, Yann Ylavic wrote:

>> So. I want to be able to send a 302 Temporary Redirect on authz failure, 
>> rather than a 403.
> 
> Doesn't ErrorDocument work?

I don’t follow, how would ErrorDocument change the response code from 403 to 
302?

Regards,
Graham
—





Re: mod_authz_core: More control over the authz failed response

2017-09-22 Thread Yann Ylavic
Hi Graham,

On Fri, Sep 22, 2017 at 11:57 AM, Graham Leggett wrote:
>
> So. I want to be able to send a 302 Temporary Redirect on authz failure, 
> rather than a 403.

Doesn't ErrorDocument work?


Regards,
Yann.


mod_authz_core: More control over the authz failed response

2017-09-22 Thread Graham Leggett
Hi all,

I am currently struggling with Safari’s behaviour where it re-asks for a user 
certificate if the server accepted optional certificates but returned 403 
Forbidden. I want the server to send the end user something sensible to explain 
what they should do, rather than just have their browser ask for a certificate 
they don’t have over and over (or they do have but they aren’t authorized).

So. I want to be able to send a 302 Temporary Redirect on authz failure, rather 
than a 403.

Looking at mod_authz_core, we have the option to change a 401 response to a 403 
response using AuthzSendForbiddenOnFailure, but I’d like more than that.

I’m imagining a AuthzForbiddenResponse directive, which would override default 
behaviour as follows:

AuthzForbiddenResponse 401
AuthzForbiddenResponse unauthorized

AuthzForbiddenResponse 403
AuthzForbiddenResponse forbidden

AuthzForbiddenResponse 302 [url-expression]
AuthzForbiddenResponse redirect [url-expression]

Does this sound sensible?

Regards,
Graham
—


