Hi Joao, On Thu, May 21, 2020 at 09:41:19PM -0300, Joao Morais wrote: > > Hello list, the 401 is one of the http status code haproxy generates itself: > > https://github.com/haproxy/haproxy/blob/v2.1.0/doc/configuration.txt#L363 > > This cannot however be overwritten using the errorfile keyword as stated in > the doc: > > https://github.com/haproxy/haproxy/blob/v2.1.0/doc/configuration.txt#L3558 > > and also testing myself: > > [WARNING] 142/002731 (1) : parsing [/tmp/haproxy/h.cfg:9] : status code > 401 not > handled by 'errorfile', error customization will be ignored. > > I'm aware that a Lua script can generate a custom page and an arbitrary http > status code which could work around this: > > core.register_service("send-401", "http", function(applet) > send(applet, 401, [[ > <html><body>My custom 401 page</body></html> > ]]) > end) > > ... but is there a way to, instead, customize the output of `http-request > auth`?
I had a look in the code and not, it's not possible right now, the message is constructed in function http_reply_40x_unauthorized(). It's sad because what this function does is only a subset of what is possible to do with the new configurable error files. But it takes one extra argument that needs to be emitted and that makes it impossible to express as a regular error file. In an ideal world this function should call what is used normally to build an error message, then just concatenate the addition of the "basic realm=" and auth_realm into either www-authenticate or proxy-authenticate and that should work. I'm CCing Christopher in case he sees a trivial way to do this. Digging into this also made me realize that all but two of the HTTP_xxx messages defined in http.c are not used anymore and could be removed. I'm even suspecting the remaining ones (302 and 303) might be accidental leftovers. Willy
