Hi all, I am currently struggling with Safari’s behaviour where it re-asks for a user certificate if the server accepted optional certificates but returned 403 Forbidden. I want the server to send the end user something sensible to explain what they should do, rather than just have their browser ask for a certificate they don’t have over and over (or they do have but they aren’t authorized).
So. I want to be able to send a 302 Temporary Redirect on authz failure, rather than a 403. Looking at mod_authz_core, we have the option to change a 401 response to a 403 response using AuthzSendForbiddenOnFailure, but I’d like more than that.

I’m imagining an AuthzForbiddenResponse directive, which would override default behaviour as follows:

    AuthzForbiddenResponse 401
    AuthzForbiddenResponse unauthorized
    AuthzForbiddenResponse 403
    AuthzForbiddenResponse forbidden
    AuthzForbiddenResponse 302 [url-expression]
    AuthzForbiddenResponse redirect [url-expression]

Does this sound sensible?

Regards,
Graham