Recently I had a issue with auth module. I set one location to use basic
authentication and tried to login via web browser but I couldn’t. There
was a error message logged:
"no user/password was provided for basic authentication, client: "
immediately and no popup windows posted by web browser. I started to
review my config file and realized that error_page for 401 code was set
to use full address, like that:
Can anyone explain, why 401 code can not be used with full webserver’s
address? (as far as I can see, this is the only error code which cause
troubles).
I’m not using this for other domains, just for my own. And the reason
I’m doing it is to prevent directory enumeration via webserver’s
response codes. If you put http://domain.com/error/index.html you will
get 302 in headers.
Anyways, having only 401 error code with relative path still do the
trick, but I’m just curious what’s so special about it that it must be
set this way.
Can anyone explain, why  401 code can not be used with full webserver’s address? (as far as I can see, this is the only error code which cause troubles).
I can’t, but why would you do that? If you were to change the domain
(or use that configuration for another site), you’d ahve to change
that error page, whereas if you keep it relative, you keep it simple -
so long as you also use root /path/to/htdocs in your locations.
Just my 2¢
–
() ascii-rubanda kampajno - kontraÅ html-a retpoÅto
/\ ascii ribbon campaign - against html e-mail
This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.