Moritz Maisel wrote: > Hi List, > > I wrote a PerlAuthenHandler to authenticate users that access a > webservice. I supposed that by returning either "OK" or > "HTTP_UNAUTHORIZED" back to apache2 it will allow or deny acces due to > the "require valid-user" directive that I set. > My problem is, that apache executes my handler, but it does not take > care of my return-values. Instead it always serves the request and > grants access.
The HTTP codes are HTTP return codes, not handler return codes. Use FORBIDDEN instead. -- Michael Peters Developer Plus Three, LP
