False (?) 401 errors messages
From: Jon Mark Allen (jonmark_at_allensonthe.net)
Date: 12/17/03
- Previous message: Fernando Serto: "Re: dns daemon version"
- Next in thread: Chris Ess: "Re: False (?) 401 errors messages"
- Reply: Chris Ess: "Re: False (?) 401 errors messages"
- Maybe reply: Jon Mark Allen: "Re: False (?) 401 errors messages"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 17 Dec 2003 10:34:28 -0600 To: security-basics@securityfocus.com
I've written a custom 401 error page (using php) to notify me (via email) when someone fails to authenticate to a secure website I'm managing. The only problem is that I get an email for _every_ access — not just the ones that fail.
The secure/protected portion of the site is forced over https. The only script that sends me this email is the 401 error page, yet when I log in, I see the correct page but still get an email! I've run a sniffer on my client when I accessed the page, but of course since it's over https, that doesn't help much. I do see a few packets to the effect of
Protocol: TLS, Packet Body: Encrypted Alert (21)
I've searched google (briefly) for this and haven't found anything.
Also, my .htaccess file looks something like this:
AuthType Basic
AuthName "authName"
AuthUserFile /<path outside of user-accessible space>/passwd
require valid-user
RequireSSL on
ErrorDocument 401 /<local path outside of protected space>/401.php
If you really want to see what the 401.php file looks like, I can send it, but I really don't think that's the problem. The question is _why_ it's being called in the first place??
Thanks again for all your help!
Jon Mark
---------------------------------------------------------------------------
----------------------------------------------------------------------------
- Previous message: Fernando Serto: "Re: dns daemon version"
- Next in thread: Chris Ess: "Re: False (?) 401 errors messages"
- Reply: Chris Ess: "Re: False (?) 401 errors messages"
- Maybe reply: Jon Mark Allen: "Re: False (?) 401 errors messages"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
