It's something a lot of people are bumping on.
401 HTTP covers both failed and missing authentication but isn't possible
for Nginx to differentiate those states and thus only generate an error
message on a failed (ie not empty credentials, either user or password
containing something) attempt?
That would make the error log more efficient as parsing it would provide
more directly failed attempt to access a particular resource.
Is it the standard way of doing things or is it your own?
Are there some use cases or reasons against differentiating 401 answers?
---
*B. R.*
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx