Forum Discussion
Stanislas_Piro2
Apr 07, 2016Cumulonimbus
Hi,
what do you need exactly?
if the server request authentication, you won't be able to browse it before being authenticated.
do you want to deny access to password protected ressources on the web site?
You can block 401 response code and replace it by a "access denied" with 403 response code in a irule or with ASM
Do not forget to remove Authorization header in request to prevent user to insert it even if the server never sent 401 request.
when HTTP_REQUEST {
HTTP::header remove Authorization
}
when HTTP_RESPONSE {
if { [HTTP::status] eq "401" } {
HTTP::respond 403 content {
Denied
Page Denied
} noserver "Connection" "Close"
return
}
}