All,
During the Authentication phase, Any custom responses
that need to be sent back to a user, MUST be sent with
FORBIDDEN using custom_repsonse?
Under Authentication 200 (OK) simply lets Apache Move
on the to the next phase (authz, content etc..)...
I have an authen handler which uses cookies.. and only
accepts username and password submits under https...
I'm getting grief from our sysadmin that there's too
many 403's being served...
1) to redirect the user from their http request to a
https page..
2) custom response showing the login page
3) redirect user to original http page
so 3 403's when a user has no valid cookie....
Is this abnormal? Is there anything I could do to
reduce this?
Marty
___________________________________________________________
To help you stay safe and secure online, we've developed the all new Yahoo!
Security Centre. http://uk.security.yahoo.com
