Goahead2.5 source code analysis-access verification (Security. c)

Security. c

The main function is to verify the login user information. The corresponding information is displayed on the page. If the information fails, the error page is displayed. If the information is successful, the user name and password are verified.

Bytes -----------------------------------------------------------------------------------------------------------------

 

Intwebssecurityhandler (webs_t WP, char_t * urlprefix, char_t * webdir, int Arg,

Char_t * URL, char_t * path, char_t * query)

Function: Verify the user's login information and display the corresponding page

Note:

First, determine whether SSL is supported. If SSL is supported, first obtain whether the path is encrypted. If the obtained value is inconsistent with that of flag, status Code 405 is reported to the browser (the method specified in the request is disabled)

Then obtain the access method;

If it is debugging and the flag is webs_local_request, you can access it smoothly;

If the access method is am_none, Status Code 404 and page not found are output (the server cannot find the requested webpage)

If such a user does not exist, output 401 (requires authentication)

Determines whether the user can access the path. If the user cannot access the path, the output is 403 (the server rejects the request)

Obtain the user password. If the password does not match, output 401 (authentication required)

Obtain the digest authentication string. If it does not match, the output is 401 (authentication is required)

If the authentication method is not am_full, output 401 (authentication required)

401 is the pop-up window in the browser, requiring you to enter the user name and password

Bytes -----------------------------------------------------------------------------------------------------------------

 

Note: Frequently Used HTTP Status Codes

HTTP status code

The following provides a complete list of HTTP status codes.

1xx (temporary response)
The status code that indicates a temporary response and requires the requester to perform the operation to continue.

Code	Description
100 (continue)	The requester shall continue to make the request. The server returns this code, which means that the server has received the first part of the request and is waiting to receive the remaining part.
101 (switching Protocol)	The requester has requested the server switching protocol, and the server has confirmed and is ready to switch.

2XX (successful)

The status code indicating that the server has successfully processed the request.

Code	Description
200 (successful)	The server has successfully processed the request. Generally, this indicates that the server provides the requested webpage. If your robots.txt file is displayed in this status, this indicates that the file has been successfully retrieved.
201 (created)	The request is successful and the server has created a new resource.
202 (accepted)	The server has accepted the request but has not processed it.
203 (unauthorized information)	The server has successfully processed the request, but returns information that may come from another source.
204 (NO content)	The server successfully processes the request but does not return any content.
205 (reset content)	The server successfully processes the request but does not return any content. Unlike the 204 response, this response requires the requester to reset the document view (for example, clear the form content to enter new content ).
206 (partial content)	The server successfully processes some GET requests.

3xx (redirected)
To complete the request, you must perform further operations. These status codes are usually always redirected. Google recommends that you use fewer than five redirection entries for each request. You can use the website administrator tool to check if googlebot encounters any problems when crawling your redirected webpage. The capture error page under diagnosis lists URLs that cannot be crawled by googlebot due to redirection errors.

Code	Description
300 (multiple options)	The server can perform multiple operations based on the request. The server selects an operation based on the user agent or provides an operation list for the user agent to select.
301 (permanent movement)	The requested webpage has been permanently moved to a new location. When the server returns this response (as a response to a get or head request), it automatically redirects the requester to a new location. You should use this code to notify googlebot that a webpage or website has been permanently moved to a new location.
302 (temporary movement)	The server is currently responding to requests from different web pages, but the requester should continue to use the original location for future requests. Similar to code 301 In response to get and head requests, this code automatically redirects the requester to different locations. However, because googlebot continues to capture the original location and indexed it, you should not use this code to notify googlebot that a page or website has been moved.
303 (view other locations)	The server returns this code when the requester must perform separate GET requests at different locations to retrieve the response. For all requests except HEAD requests, the server automatically redirects to other locations.
304 (not modified)	The requested webpage has not been modified since the last request. When the server returns this response, no webpage content is returned. If the web page has not been changed since the last request, you should Configure the server to return this response (known as the IF-modified-since HTTP header ). The server can tell googlebot that the webpage has not been changed since the previous capture, thus saving bandwidth and overhead. .
305 (use proxy)	The requester can only use a proxy to access the requested webpage. If the server returns this response, the server also specifies the proxy that the requester should use.
307 (temporary redirection)	The server is currently responding to requests from different web pages, but the requester should continue to use the original location for future requests. Similar to code 301 In response to get and head requests, this code automatically redirects the requester to different locations. However, because googlebot continues to capture the original location and indexed it, you should not use this code to notify googlebot that a page or website has been moved.

4xx (request error)
These status codes indicate that the request may fail and the server may be unable to process the request.

Code	Description
400 (incorrect request)	The server does not understand the request syntax.
401 (unauthorized)	The request requires authentication. After logon, the server may return this response to the page.
403 (Forbidden)	The server rejects the request. If this status code is displayed when googlebot attempts to capture a valid webpage on your website (you can see this status code on the web capture page diagnosed by Google administrator, this may be because your server or host rejects googlebot access to it.
404 (not found)	The server cannot find the requested webpage. For example, if the request is for a webpage that does not exist on the server, the server usually returns this code. If the robots.txt file does not exist on your website, and you find this status on the robots.txt page of the Google website administrator tool "Diagnostics" tab, this is the correct status. However, if you have a robots.txt file and find this status again, it indicates that your robots.txt file may be named incorrectly or located in the wrong location. (The file should be on a top-level domain name and be named robots.txt ). If you find this status (on the HTTP Error page of the "diagnosis" tab) on the URL that googlebot is trying to crawl, this indicates that googlebot may be tracking invalid links in another webpage (old links or incorrect links ).
405 (method disabled)	Disable the method specified in the request.
406 (not accepted)	You cannot use the Content features of the request to respond to the requested webpage.
407 (proxy authorization required)	This status code is similar to 401 (unauthorized), but specifies that the requester should use a proxy for authorization. If the server returns this response, the server also specifies the proxy that the requester should use.
408 (request timeout)	The server timed out while waiting for the request.
409 (conflict)	A conflict occurs when the server completes the request. The server must contain information about conflicts in the response. The server may return this code when responding to a put request that conflicts with the previous request, and provides a list of differences between the two requests.
410 (Deleted)	If the requested resource has been permanently deleted, the server returns this response. This code is similar to the 404 (not found) code, but sometimes it may replace the 404 code when the resource exists but does not exist now. If the resource has been permanently deleted, you should use code 301 to specify a new location for the resource.
411 (valid length required)	The server will not accept requests that contain invalid Content Length header fields.
412 (not meeting the prerequisites)	The server does not meet one of the prerequisites set by the requester in the request.
413 (the Request Entity is too large)	The server cannot process the request because the request entity is too large and exceeds the server's processing capability.
414 (the requested URI is too long)	The request URI (usually the URL) is too long and cannot be processed by the server.
415 (unsupported media type)	The request format is not supported by the request page.
416 (the request range does not meet the requirements)	If the request is for an invalid webpage range, the server returns this status code.
417 (expectations not met)	The server does not meet the "expected" request header field requirements.

5xx (server error)
These status codes indicate that an internal error occurs when the server attempts to process the request. These errors may be server errors rather than request errors.

Code	Description
500 (internal server error)	The request cannot be completed due to a server error.
501 (not implemented)	The server does not have the function to complete the request. For example, if the server cannot identify the request method, the server may return this code.
502 (incorrect gateway)	The gateway or proxy server receives an invalid response from the upstream server.
503 (Service unavailable)	Currently, servers cannot be used (due to overload or downtime maintenance ). This is usually a temporary state.
504 (gateway timeout)	As a gateway or proxy, the server does not receive requests from the upstream server in a timely manner.
505 (unsupported HTTP Version)	The server does not support the HTTP protocol version used in the request.