I've recently been tasked to implement mod_dontdothat, and the implementation is in jeopardy of being cancelled due to the apparent lack of ability to customize the error messaging returned to the user when mod_dontdothat disallows an action. Is there some means I'm missing of configuring this?
As I understand it, when an action is disallowed, mod_dontdothat basically returns 'nope' which Apache then translated into a 403 which is returned to the user. The (uneducated) user gets a pop-up from Tortoise/Cornerstone and basically doesn't know why they're denied. In fact, if they pay any attention at all, they 'recognize' the pop-up and think their password is wrong. :( Is there some means to actually tell the user they authenticated successfully, but they tried an action that we're disallowing? Ideally we'd point them to a wiki showing what is/isn't allowed. -- Douglas J Hunley (doug.hun...@gmail.com) Twitter: @hunleyd Web: douglasjhunley.com G+: http://goo.gl/sajR3
