Le 27/05/2020 à 19:55, Willy Tarreau a écrit :
Hi Christopher,
On Wed, May 27, 2020 at 07:03:58PM +0200, Christopher Faulet wrote:
Here are patches to handle customizable 401/407 messages. In fact, only the
second patch is really meaningful. There is no change for the http-request
auth rule from the configuration point of view. Internally, we rely on the
proxy's error messages. It means 401 and 407 status codes are allowed on
"errorfile" and "http-error" lines.
I love patches like this which remove more code than they add :-)
I'd have a minor request, which is to remove the empty www-authenticate
and proxy-authenticate headers from the default response templates. Since
the header is not edited in place but removed, it will make no difference,
and at least if someone sends them as-is with http-request deny, we won't
be sending an empty realm nor enforcing basic auth, but the browser will
be free to do whatever it wants. In addition it would allow the user to
manually append the header in a deny or return rule.
Looks pretty good otherwise.
Thanks Willy. I updated and pushed my patches.
--
Christopher Faulet
