Forum Discussion
NimbostratusHow can we block the Basic Authentication Page?
HTTP/1.1 401 Unauthorized Date: Tue, XX Mar XXXX 14:42:11 GMT Www-authenticate: Basic realm="Oracle iPlanet Web Server" Content-length: 223 Content-type: text/html Connection: close
Unauthorized
Unauthorized Proper authorization is required for this area. Either your browser does not perform authorization, or your authorization has failed. ā
3 Replies
- Can you give some more info on your situation? Sorry, I don't understand exactly what you are asking.
Daniel_VarelaEmployee
If you are using ASM you can remove 401 status code from Allowed Response Status Codes in the Policy Properties (advanced options).
By doing this if you are in blocking mode and your blocking settings block is selected for Illegal HTTP status in response, ASM will send a blocking page to the client which is an HTTP 200 OK.
Does this help?
Stanislas_Piro2Cumulonimbus
Hi,
what do you need exactly?
if the server request authentication, you won't be able to browse it before being authenticated.
do you want to deny access to password protected ressources on the web site?
You can block 401 response code and replace it by a "access denied" with 403 response code in a irule or with ASM
Do not forget to remove Authorization header in request to prevent user to insert it even if the server never sent 401 request.
when HTTP_REQUEST { HTTP::header remove Authorization } when HTTP_RESPONSE { if { [HTTP::status] eq "401" } { HTTP::respond 403 content { Denied Page Denied } noserver "Connection" "Close" return } }
