Security Basics mailing list archives
False (?) 401 errors messages
From: "Jon Mark Allen" <jonmark () allensonthe net>
Date: Wed, 17 Dec 2003 10:34:28 -0600
I've written a custom 401 error page (using php) to notify me (via email) when someone fails to authenticate to a secure website I'm managing. The only problem is that I get an email for _every_ access — not just the ones that fail. The secure/protected portion of the site is forced over https. The only script that sends me this email is the 401 error page, yet when I log in, I see the correct page but still get an email! I've run a sniffer on my client when I accessed the page, but of course since it's over https, that doesn't help much. I do see a few packets to the effect of Protocol: TLS, Packet Body: Encrypted Alert (21) I've searched google (briefly) for this and haven't found anything. Also, my .htaccess file looks something like this: AuthType Basic AuthName "authName" AuthUserFile /<path outside of user-accessible space>/passwd require valid-user RequireSSL on ErrorDocument 401 /<local path outside of protected space>/401.php If you really want to see what the 401.php file looks like, I can send it, but I really don't think that's the problem. The question is _why_ it's being called in the first place?? Thanks again for all your help! Jon Mark --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- False (?) 401 errors messages Jon Mark Allen (Dec 17)
- Re: False (?) 401 errors messages Chris Ess (Dec 17)
- <Possible follow-ups>
- Re: False (?) 401 errors messages Jon Mark Allen (Dec 18)