Gorufu
msg:1515490 | 12:47 pm on May 18, 2001 (gmt 0) |
You should be able to create custom 401 error pages for failed password attemps if the errorpage is not in a protected directory.
Add to .htaccess ErrorDocument 401 /pathto/errorpages/401.html
|
andytt
msg:1515491 | 12:48 pm on May 18, 2001 (gmt 0) |
You need to add a line like this to your htaccess file ErrorDocument 401 /access_denied.htm pointing to the document to serve up if the password is wrong
|
andytt
msg:1515492 | 12:48 pm on May 18, 2001 (gmt 0) |
You need to add a line like this to your htaccess file ErrorDocument 401 /access_denied.htm pointing to the document to serve up if the password is wrong
|
knighty
msg:1515493 | 12:56 pm on May 18, 2001 (gmt 0) |
Cool, Thanks guys! how secure is this method i.e. how easy for someone to hack etc?
|
Froggyman
msg:1515494 | 8:32 pm on May 20, 2001 (gmt 0) |
I use password protected directories and custom error redirects but for some reason it won't work with a 401. Instead of asking for a password it sends you to the 401 page regardless. May be the way the server is set up (beyond my control) or something else but I have noticed the same on other sites. Password protected directories are about as safe as the directory the password is kept in. The actual .htpasswd file can easily be cracked if found so give the directory it is kept in a good cryptic name. Dont place it among your common files.
|
|
