Menu
I've set my ErrorDocument 401 to point to my website's account creation page, but not all browsers seem to honor this redirect (Safari).
Also, other browsers (Firefox, Chrome) never quit asking for the password and show the ErrorDocument. This causes a good number of users to give up trying after many password attempts without seeing the account creation page.
Is there any way to make the redirect more reliable, without trashing basic authentication altogether?
717
Apache supports one other authentication method: AuthType Digest . This method is implemented by mod_auth_digest and is much more secure. Most recent browsers support Digest authentication. The AuthName directive sets the Realm to be used in the authentication.
Introduction. HttpClient supports three different types of http authentication schemes: Basic, Digest and NTLM. These can be used to authenticate with http servers or proxies.
The simple answer to your question is no, you can't make this more reliable without implementing custom authentication.
The only way that Firefox and Chrome will display page that you specified in the ErrorDocument 401 directive is if you click cancel button. Also, there is no redirect sent with the 401 HTTP code; rather, it is a content of the document specified with ErrorDocument 401 directive. You can do redirect using HTML meta tag:
<Location "/protected">
AuthUserFile /path/to/users
AuthName "This is protected area"
AuthGroupFile /dev/null
AuthType Basic
Require valid-user
#ErrorDocument 401 /register.html
ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=/register.html\"></html>"
</Location>
Possible solutions to your problem are to create custom basic HTTP authentication module or to use language like php that supports basic HTTP authentication hooks
http://php.net/manual/en/features.http-auth.php
180
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
