Re: better messaging w/ mod_dontdothat?

Wed, 05 Sep 2012 13:47:00 -0700 

On Wed, Sep 5, 2012 at 2:56 PM, Doug Hunley <doug.hun...@gmail.com> wrote:

> I've recently been tasked to implement mod_dontdothat, and the
> implementation is in jeopardy of being cancelled due to the apparent
> lack of ability to customize the error messaging returned to the user
> when mod_dontdothat disallows an action. Is there some means I'm
> missing of configuring this?
>
> As I understand it, when an action is disallowed, mod_dontdothat
> basically returns 'nope' which Apache then translated into a 403 which
> is returned to the user. The (uneducated) user gets a pop-up from
> Tortoise/Cornerstone and basically doesn't know why they're denied. In
> fact, if they pay any attention at all, they 'recognize' the pop-up
> and think their password is wrong. :(
>
> Is there some means to actually tell the user they authenticated
> successfully, but they tried an action that we're disallowing? Ideally
> we'd point them to a wiki showing what is/isn't allowed.
>
>
Assume you already looked at the code?  The comments are interesting and
might point in a direction to go:


      /* If we found something that isn't allowed, set the correct status
       * and return an error so it'll bail out before it gets anywhere it
       * can do real damage. */
      if (ctx->no_soup_for_you)
        {
          /* XXX maybe set up the SVN-ACTION env var so that it'll show up
           *     in the Subversion operational logs? */

          ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, f->r,
                        "mod_dontdothat: client broke the rules, "
                        "returning error");

          /* Ok, pass an error bucket and an eos bucket back to the client.
           *
           * NOTE: The custom error string passed here doesn't seem to be
           *       used anywhere by httpd.  This is quite possibly a bug.
           *
           * TODO: Try and pass back a custom document body containing a
           *       serialized svn_error_t so the client displays a better
           *       error message. */
          bb = apr_brigade_create(f->r->pool, f->c->bucket_alloc);
          e = ap_bucket_error_create(403, "No Soup For You!",
                                     f->r->pool, f->c->bucket_alloc);
          APR_BRIGADE_INSERT_TAIL(bb, e);
          e = apr_bucket_eos_create(f->c->bucket_alloc);
          APR_BRIGADE_INSERT_TAIL(bb, e);

          /* Don't forget to remove us, otherwise recursion blows the
stack. */
          ap_remove_input_filter(f);

          return ap_pass_brigade(f->r->output_filters, bb);
        }



-- 
Thanks

Mark Phippard
http://markphip.blogspot.com/

Reply via email to