On 01.05.2012 11:22, Henrik Nordström wrote:
> tis 2012-05-01 klockan 10:39 +1200 skrev Amos Jeffries:
>> Given that the extension status code 511 is now an official code
>> (http://www.rfc-editor.org/rfc/rfc6585.txt), how do we all feel
>> about
>> causing it to be emitted whenever an intercepted request is
>> configured
>> to require proxy_auth satisfaction for ACLs?
>
> and what would the 511 contain?
I was thinking the usual ERR_ACCESS_DENIED or the ERR_AGENT_CONFIGURE
page.
>
> There is no path forward from there for proxy HTTP auth, And there
> won't
> ever be.
>
> 511 is just an server error response code, unrelated to
> authentication
> as such. It's meant for captive portals where session state is kept
> separately, i.e. forms based logins keeping state linked to the
> requesting IP.
I know. I'm thinking it is somewhat more useful and less dangerous than
403 from an intermediary with its explicit MUST NOT cache semantics and
clear indication that its authentication reject is not related to the
origin server. The 403 can enter popup loops.
Amos
Received on Tue May 01 2012 - 00:27:51 MDT
This archive was generated by hypermail 2.2.0 : Tue May 01 2012 - 12:00:09 MDT