On 01.05.2012 11:22, Henrik Nordström wrote:
tis 2012-05-01 klockan 10:39 +1200 skrev Amos Jeffries:
Given that the extension status code 511 is now an official code
(http://www.rfc-editor.org/rfc/rfc6585.txt), how do we all feel
about
causing it to be emitted whenever an intercepted request is
configured
to require proxy_auth satisfaction for ACLs?
and what would the 511 contain?
I was thinking the usual ERR_ACCESS_DENIED or the ERR_AGENT_CONFIGURE
page.
There is no path forward from there for proxy HTTP auth, And there
won't
ever be.
511 is just an server error response code, unrelated to
authentication
as such. It's meant for captive portals where session state is kept
separately, i.e. forms based logins keeping state linked to the
requesting IP.
I know. I'm thinking it is somewhat more useful and less dangerous than
403 from an intermediary with its explicit MUST NOT cache semantics and
clear indication that its authentication reject is not related to the
origin server. The 403 can enter popup loops.
Amos
