Question

What should be the HTTP response code for Proxy Authorization failure? I know that 407 is the response code for requesting Proxy Authorization. But once the client sends the authentication info to the proxy, and it is incorrect, then what should the proxy return? If it returns a 401 response code, then how will the client identify that it is an authentication failure on the proxy and not on the end resource?

Solution

Well, if there is an authorization failure for a 401-protected resource, the server simply responds with another 401:

Request URL:https://mysite.com/myresource/
Request Method:GET
Status Code:401 Authorization Required

Request Headers

Accept:text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Charset:ISO-8859-1,utf-8;q=0.7,*;q=0.3
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-US,en;q=0.8
Authorization:Digest username="gjggj", realm="apps", nonce="75602afa895d26f9796f3c9174cf83f3", uri="/misc/apps/", algorithm=MD5, response="9e113b10d3e95b590bdef0fc7c7c617b", qop=auth, nc=00000001, cnonce="61f73b73f6b33ea2"
Cache-Control:max-age=0
Connection:keep-alive
Host:game-point.net
User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.57 Safari/537.17

Response Headers

Cache-Control:no-cache
Connection:close
Content-Length:534
Content-Type:text/html
Date:Wed, 13 Feb 2013 11:07:26 GMT
Pragma:no-cache
Server:Cherokee/1.0.8 (Debian GNU/Linux)
WWW-Authenticate:Digest realm="apps", nonce="75602afa895d26f9796f3c9174cf83f3", qop="auth", algorithm="MD5"

So I'd say the way to deal with a 407 authorization failure is for the server to respond with a 407 status code despite the fact that the browser has sent authorization information; this shows that the authorization is still needed with the proxy, and implies that there was an authorization failure simply because you're still getting a 407 status code.

Other tips

From official body:

http://www.ietf.org/rfc/rfc2617.txt

If the origin server does not wish to accept the credentials sent
with a request, it SHOULD return a 401 (Unauthorized) response. The
response MUST include a WWW-Authenticate header field containing at
least one (possibly new) challenge applicable to the requested
resource. If a proxy does not accept the credentials sent with a
request, it SHOULD return a 407 (Proxy Authentication Required). The
response MUST include a Proxy-Authenticate header field containing a
(possibly new) challenge applicable to the proxy for the requested
resource.
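
The client-side decision both answers describe, as an added example that is not part of the original answers: the status code identifies the hop (401 origin, 407 proxy), and receiving the same status again after credentials were sent means they were refused. It goes one step further than the thread by also checking the Digest `stale` flag from RFC 2617, which signals an expired nonce rather than bad credentials. The names `parse_challenge` and `classify` are hypothetical, and one challenge per header is assumed.

```python
import re

# Hop name, challenge header and credential header per status code (RFC 2617).
HOPS = {
    401: ("origin", "WWW-Authenticate", "Authorization"),
    407: ("proxy", "Proxy-Authenticate", "Proxy-Authorization"),
}

# key="quoted value" or key=bare-token
_PARAM = re.compile(r'(\w+)\s*=\s*(?:"([^"]*)"|([^\s,]+))')


def parse_challenge(value):
    """Split a single challenge into (scheme, params dict with lowercase keys)."""
    scheme, _, rest = value.strip().partition(" ")
    params = {m.group(1).lower(): m.group(2) if m.group(2) is not None else m.group(3)
              for m in _PARAM.finditer(rest)}
    return scheme, params


def classify(status, headers, sent):
    """Interpret a 401/407 response.

    headers: response headers (dict, any case).
    sent:    names of the credential headers the failed request carried.
    Returns None for other status codes.
    """
    if status not in HOPS:
        return None
    hop, challenge_hdr, credential_hdr = HOPS[status]
    lower = {k.lower(): v for k, v in headers.items()}
    raw = lower.get(challenge_hdr.lower())
    if raw is None:
        # The RFC requires the challenge header on these responses.
        return {"hop": hop, "outcome": "malformed", "retry_with": None}
    scheme, params = parse_challenge(raw)
    if credential_hdr.lower() not in {s.lower() for s in sent}:
        outcome = "challenge"      # this hop has not seen credentials yet
    elif params.get("stale", "").lower() == "true":
        outcome = "stale-nonce"    # recompute the response with the new nonce
    else:
        outcome = "rejected"       # same status again: credentials refused
    return {"hop": hop, "outcome": outcome, "retry_with": credential_hdr,
            "scheme": scheme, "realm": params.get("realm")}


# Constructed sample: the proxy answers 407 again after Proxy-Authorization was sent.
SAMPLE = classify(407, {"Proxy-Authenticate": 'Digest realm="proxy", nonce="abc"'},
                  sent=["Proxy-Authorization"])
```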
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow