Mailing List Archive

FcgidAccessChecker usage
I'm trying to determine the correct way to use the FcgidAccessChecker
directive. Unfortunately, the documentation is very sparse in this area.
I've been assuming that it should conform to the FastCGI Specification
section "6.3 Authorizer".

I have succeeded in getting mod_fcgid to recognize a successful access
check by returning a "Status: 200 OK" line and no other header lines.
However, it's not at all clear from the mod_fcgid documentation how an application can
cause something different to happen when access is denied.

Section 6.3 of the specification says, 'For Authorizer response status
values other than "200" (OK), the Web server denies access and sends the
response status, headers, and content back to the HTTP client.' My
understanding is that the authorizer application should be able to
return any response in exactly the same way that a normal responder
application would and if the response code is not 200, Apache will send
that entire response to the client. This would allow the application to
display an error page or redirect the client to an authentication page.

However, this is definitely not what mod_fcgid is doing. If the
application returns "Status: 400 Bad Request" and nothing else, Apache
sends a response starting with "HTTP/1.1 401 Authorization Required" and
the body is a generic error document that Apache must have generated.

While mod_fcgid seems to ignore everything in the authorizer's response
apart from the response code when that code is not 200, when it is 200,
mod_fcgid uses a "Location" header line in subsequent processing. Is
this the only mechanism to control what happens on an access check failure?

Jonathan Ross Rogers
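
The rule quoted from section 6.3 above, as an added example that is not part of the original post and is not mod_fcgid's code: a sketch of how a web server would treat an authorizer's response under that rule, failing closed on malformed output. The function names and sample responses are constructed for illustration; the `Variable-` header prefix is the one section 6.3 defines for passing values to the subsequent request.

```python
# Added example: section 6.3 handling of a FastCGI Authorizer response.
# Hypothetical helper names; not taken from mod_fcgid or any web server.

def parse_cgi_response(raw: bytes):
    """Split a CGI-style response into (status_code, headers, body)."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:                      # tolerate bare-LF line endings
        head, _, body = raw.partition(b"\n\n")
    status, headers = 200, []        # CGI default when no Status header is sent
    for line in head.decode("latin-1").splitlines():
        name, colon, value = line.partition(":")
        if not colon:
            raise ValueError(f"malformed header line: {line!r}")
        name, value = name.strip(), value.strip()
        if name.lower() == "status":
            status = int(value.split()[0])
        else:
            headers.append((name, value))
    return status, headers, body


def authorizer_decision(raw: bytes):
    """Apply the section 6.3 rule to one authorizer response."""
    try:
        status, headers, body = parse_cgi_response(raw)
    except (ValueError, IndexError):
        # Fail closed: an unparseable authorizer reply must never grant access.
        return {"allow": False, "status": 500, "headers": [], "body": b""}
    if status == 200:
        # Allowed: Variable-* headers become variables for the real request.
        env = {n[len("Variable-"):]: v for n, v in headers
               if n.lower().startswith("variable-")}
        return {"allow": True, "env": env}
    # Denied: status, headers and content all go back to the HTTP client.
    return {"allow": False, "status": status, "headers": headers, "body": body}


# Constructed sample responses (not captured from a real server).
ALLOWED = b"Status: 200 OK\r\nVariable-AUTH_USER: alice\r\n\r\n"
DENIED = (b"Status: 302 Found\r\nLocation: /login\r\n"
          b"Content-Type: text/plain\r\n\r\nPlease sign in.\n")

if __name__ == "__main__":
    print(authorizer_decision(ALLOWED))
    print(authorizer_decision(DENIED))
```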
