>-----Original Message----- >From: André Warnier [mailto:a...@ice-sa.com] >Sent: Friday, November 30, 2012 8:20 AM >To: Tomcat Users List >Subject: Re: Context Path for a subdirectory >> >>Leo Donahue - RDSA IT wrote: >> >> If I can tag another question on the end of this thread: >> >> The Remote Address Filter has an option to set the denyStatus from 403 to >404, or whatever. In general, I'm guessing it's better to respond that a >restricted resource is not found, rather than respond that is it there but >forbidden? >> > >Purely personal opinion : by doing this, you "kind of" violate the spirit of >the HTTP >specification, and you create some confusion at the technical level. >And, essentially, you are lying to the client. >So, in general, it is not "better". > >But hey, it's your server, so you're free to return whatever you believe is >most appropriate. >Within limits though. For example, if somewhere you provide a link to that >section for >some people, but when they click on it, they get a "not found", they may think >that your >application isn't working, or that your documentation is incorrect. While if >they get a >"forbidden", they may realise that they need to ask for a permission. >
Why is denyStatus an option? Why would someone use it? Leo --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
