Forum Discussion
Kai_Wilke
Dec 10, 2015MVP
Hi Erich,
I'm not sure if I got every detail of your explanation, but it looks like you are aiming for a simple "username" access-list/filter infront of the real server. Right?
Then you may try this code...
set userlist "foo bar"
catch HTTP::username username
if { [lsearch $userlist $username] equals -1 } then {
ACCESS::session remove
HTTP::respond 401 content "Authentication Required" \
"Content-Type" "text/html" \
"WWW-Authenticate" "Basic realm=\"[HTTP::host]\""
return
}
BTW: If your application doesn't even send an error code 401 on allowed username but wrong passwords, then you have to provide additional information about the HTTP::response the server is sending.
Cheers, Kai