> Chemolli Francesco (USI) wrote:
>
> > We could strip the Authenticate: NTLM from the reply.
> > But if there is no alternate authentication scheme offered
> > (as can be the case with braindamaged IIS) we need to offer an
> > ad-hoc error page, otherwise we'd have broken the auth protocol.
>
> Ah, well in such case the HTTP status code needs to be
> changed from 407
> to 403 I think.
That's correct in case of MS-proxies (or Squid-2.5DEVEL without Basic
auth).
But we must all the more handle WWW-Authorize and 401->403 for
uncooperative servers.
Actually, I prefer a squid-generated error page. Less confusing.
In both cases.
-- /kinkieReceived on Fri Apr 13 2001 - 03:43:34 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:13:45 MST