Error_page and 401 code

Hi,

Recently I had a issue with auth module. I set one location to use basic
authentication and tried to login via web browser but I couldn’t. There
was a error message logged:

"no user/password was provided for basic authentication, client: "

immediately and no popup windows posted by web browser. I started to
review my config file and realized that error_page for 401 code was set
to use full address, like that:

error_page 401 http://website.com/error/index.html

Setting this page to use “relative path”

error_page 401 /error/index.html

actually solved the issue.

Can anyone explain, why 401 code can not be used with full webserver’s
address? (as far as I can see, this is the only error code which cause
troubles).

Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,27040,27040#msg-27040

I’m not using this for other domains, just for my own. And the reason
I’m doing it is to prevent directory enumeration via webserver’s
response codes. If you put http://domain.com/error/index.html you will
get 302 in headers.

Anyways, having only 401 error code with relative path still do the
trick, but I’m just curious what’s so special about it that it must be
set this way.

Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,27040,27353#msg-27353

On Tue, Dec 1, 2009 at 13:08, d2 [email protected] wrote:

Can anyone explain, why  401 code can not be used with full webserver’s address? (as far as I can see, this is the only error code which cause troubles).

I can’t, but why would you do that? If you were to change the domain
(or use that configuration for another site), you’d ahve to change
that error page, whereas if you keep it relative, you keep it simple -
so long as you also use root /path/to/htdocs in your locations.

Just my 2¢


() ascii-rubanda kampajno - kontraŭ html-a retpoŝto
/\ ascii ribbon campaign - against html e-mail