HTTP_UNAUTHORIZED 401

[adelante]

Sigh, not again.... I'm really REALLY sorry.

But I'm asked in a script to either return that session id, or return a HTTP_UNAUTHORIZED 401, and googled all day for the subject, but I can't find anything about the last option.

Is it posible to return such a message?

http://perl.apache.org/docs/2.0/user/handlers/http.html

says something about it, but not how to return a HTTP_UNAUTHORIZED 401 ( atleast it doesn't work for me.

is it possible to turn something that isn't really true?? it could as well have been a "404", however I'm asked to return a "401

 

[mbrooks]

Well under mod_perl you would use the Apache::Constants module like so.

#!/usr/bin/perl

use Apache::Constants ':response';

print NOT_AUTHORITATIVE;

http://search.cpan.org/~gozer/mod_perl-1.29/Constants/Constants.pm

M. Brooks

http://mbrooks.info

 

[yai]

if you use HTTP:aemon, use the ->send_error(RC_FORBIDDEN) method.

 

[adelante]

Thanks alot, but none of them seem to work.

I have tried:

#!/usr/bin/perl

use Apache::Constants ':response';
use HTTP::Daemon;

print "Content-type: text/html\n\n";
print "<html><h1>Hello!</h1></html>\n";

And it shows Hello!

But alone this just returns a error 500:

#!/usr/bin/perl

use Apache::Constants ':response';

print NOT_AUTHORITATIVE;

and

HTTP:aemon, use the ->send_error(RC_FORBIDDEN) method
... I really dont know what to do with it, I tried this in blind:

#!/usr/bin/perl
use HTTP::Daemon;
my $c = HTTP::Daemon->new || die;
$c->send_error(RC_FORBIDDEN);
$c->close;
undef($c);

I dont know what to do. Both examples were almost carved out for me, but they just dont work.

Any ideas are welcome!

 

[Kirsle]

HTTP:aemon afaik is for programming your own HTTP server to run from the Perl script and wouldn't be applicable in this case...

#!/usr/bin/perl -w

print "Status-Code: 401 Not Authorized\n\n";

-------------
Cuvou.com | The NEW Kirsle.net

 

[adelante]

Thanks, but I dont get the real error page, similar to the 404 error page...

I just get a blank page, I can see in the output that it DOES says "Status-Code: 401 Not Authorized" but I'm not getting the "real" error page - I'm using OpenWave to see what exactly is being sent (btw is there a better program that for peeping in the traffic?)

I'm a bit unhappy about cpan they show all kinds of scripts, but not a simple one, to catch the concept. Well, I guess I'm the dummy here.

 

[Kirsle]

After posting my last reply I did some more research on the matter. The correct procedure was this:

print "Status: 401 Not Authorized\n\n";

In PHP, you can print out the entire response header, beginning with the "HTTP/1.1 200 Okay" line, but Apache doesn't allow Perl to print this first line, it instead looks for the Perl-supplied Status: header.

http://web-sniffer.net/

this is a site I used to monitor the request and response headers. When setting the "Status" header, my server responded:

HTTP Status Code: HTTP/1.1 401 Not Authorized
Date:	Sat, 03 Feb 2007 19:23:54 GMT	CRLF
Server:	Apache/2.0.59 (Win32)	CRLF
Content-Length:	0	CRLF
Connection:	close	CRLF
Content-Type:	text/plain; charset=utf-8	CRLF

The server *is* sending the correct headers, but for some reason web browsers still try to show a page rather than give an actual error message.

I'm thinking the status code is for internal use with web clients and that generally page content is given with them anyway. For example, some sites have custom 404 error pages. It sends to the browser "404 Not Found" but also sends a webpage. The browser makes a mental note that the page doesn't exist and therefore won't cache it or store it in the history, but still gets a page from the server.

-------------
Cuvou.com | The NEW Kirsle.net

 

[adelante]

>> I did some more research on the matter
What did you search for on google?? I never find what I'm looking for.

It sucks that apache wont let perl mess with the real thing.

Anyway, I think it works, it's for a programmer who insisted in getting the 401 message for a java thing.

You are right, now that I think about it, many sites got a fancy 404 page, but it's the header that makes the difference.

I bookmarked the websniffer, but if you want a program to see what is going on, openwave isn't bad either. You get a phone browser, but apart from that you see everything transfered just like it was a usual browser, even images.

Thanks alot!

 

[Kirsle]

I just did another quick test. I used web sniffer to get a page from my site which is blocked via .htaccess and normally returns a standard Apache "Forbidden" error. The response was:

HTTP Response Header
Name	Value	Delim
HTTP Status Code: HTTP/1.1 403 Forbidden
Date:	Sat, 03 Feb 2007 23:55:04 GMT	CRLF
Server:	Apache/2.0.59 (Win32)	CRLF
Content-Length:	285	CRLF
Connection:	close	CRLF
Content-Type:	text/html; charset=iso-8859-1	CRLF

Content (0.28 KiB)
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /data/
on this server.</p>
<hr>
<address>Apache/2.0.59 (Win32) Server at [URL unfurl="true"]www.cuvou.com[/URL] Port 80</address>
</body></html>

So, the Apache server returns a 403 Forbidden in the header, and also returns the web page you typically see when you get a Forbidden error.

That'll shed a last bit of light on the topic. So, return a 401 Not Authorized but also a page for the browser to see.

-------------
Cuvou.com | The NEW Kirsle.net

 

[KevinADC]

the problem is that http response status headers are advisory only. Each web browser is free do whatever it wants with a status header, from ignoring it to displaying it's own custom pages (by the browser itself) based on the response status header.

Perl can issue a complete set of headers. I have never had a need to try this but it's directly supported by the CGI module:

http://perldoc.perl.org/CGI.html#USING-NPH-SCRIPTS

- Kevin, perl coder unexceptional!