HTTP response code for proxy authorization failure

Question

HTTP response code for proxy authorization failure

What should be the HTTP response code for proxy proxy authorization? I know that 407 is the response code for the proxy authorization request. But as soon as clients send authentication information to the proxy server, and if this is not true, then what should the proxy return? If he returns a 401 response code, then how will the client identify that it is an authentication error on the proxy, and not on the final resource?

+4

http http-status-codes http-status-code-401 http-status-code-407

Mediumone Feb 13 '13 at 9:08

source share

2 answers

From the official authority:

http://www.ietf.org/rfc/rfc2617.txt

 If the origin server does not wish to accept the credentials sent with a request, it SHOULD return a 401 (Unauthorized) response. The response MUST include a WWW-Authenticate header field containing at least one (possibly new) challenge applicable to the requested resource. If a proxy does not accept the credentials sent with a request, it SHOULD return a 407 (Proxy Authentication Required). The response MUST include a Proxy-Authenticate header field containing a (possibly new) challenge applicable to the proxy for the requested resource.

+2

gavenkoa Nov 29 '13 at 9:41

source share

Jez · Accepted Answer · 2013-02-13T11:45:10+0000

Well, if there is an authorization error for a resource with 401 protection, the server simply responds to the other 401:

Request URL:https://mysite.com/myresource/ Request Method:GET Status Code:401 Authorization Required Request Headers Accept:text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Charset:ISO-8859-1,utf-8;q=0.7,*;q=0.3 Accept-Encoding:gzip,deflate,sdch Accept-Language:en-US,en;q=0.8 Authorization:Digest username="gjggj", realm="apps", nonce="75602afa895d26f9796f3c9174cf83f3", uri="/misc/apps/", algorithm=MD5, response="9e113b10d3e95b590bdef0fc7c7c617b", qop=auth, nc=00000001, cnonce="61f73b73f6b33ea2" Cache-Control:max-age=0 Connection:keep-alive Host:game-point.net User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.57 Safari/537.17 Response Headers Cache-Control:no-cache Connection:close Content-Length:534 Content-Type:text/html Date:Wed, 13 Feb 2013 11:07:26 GMT Pragma:no-cache Server:Cherokee/1.0.8 (Debian GNU/Linux) WWW-Authenticate:Digest realm="apps", nonce="75602afa895d26f9796f3c9174cf83f3", qop="auth", algorithm="MD5"

So, I would say that the way to deal with 407 authorization failure is that the server responds with a 407 status code, despite the fact that the browser has sent authorization information; this shows that authorization is still necessary with the proxy server and implies that the authorization failed just because you still get the 407 status code.

HTTP response code for proxy authorization failure

More articles: