0

I am wondering how I send back a HTTP response of 501 (Not Implemented) in Lighttpd web server, when somebody tries to access our api.mydomain.com over non-ssl.

The check we have, but don't see how to actually send back the HTTP response of 501.

$HTTP["host"] =~ "api\.mydomain\.com$" {
        $HTTP["scheme"] == "http" {
                //// HOW DO WE SEND BACK HTTP RESPONSE 501
        }
}
Justin
  • 5,008
  • 19
  • 58
  • 82

1 Answers1

2

The lighttpd way:

With config file, I only know about 404 errors. To send a "non implemented" response, you may use lighttpd mod Magnet (and install LUA), then:

In the config file:

$HTTP["host"] =~ "api\.mydomain\.com$" {
        $HTTP["scheme"] == "http" {
            magnet.attract-physical-path-to = ("/path/to/501.lua")
        }
}

Note that "/path/to/501.lua" should be readable by lighttpd. Then in the 501.lua file:

lighty.content = { { filename = "/path-to-your/501.html" } }
lighty.header["Content-Type"] = "text/html" 
return 501

Very hard to just send a 501... right ?

The alternative way:

If you already have a dinamic language pluged with fastcgi, etc, you can implement error responses (lets say, 501.php) that does what the .lua script makes:

  • Send the proper http response (feasible on any "web" language)
  • Print the proper headers (feasible on any "web" language)
  • Print the proper html or template or static file (feasible on any "web" language)

And use them where needed.

poisonbit
  • 797
  • 4
  • 6
  • Ok, how about this, instead of returning 501, how do we just kill that request. Basically, I don't want users to be able to hit api.mydomain.com in non-ssl. Is there a way to just abort the HTTP request in lighttpd? – Justin Apr 09 '11 at 19:55
  • try adding: url.access-deny = ("") where your comment "//// HOW DO WE SEND..." – poisonbit Apr 10 '11 at 09:11
  • Yeah, that returns back 403, Forbidden. I suppose that works, anything to just drop the connection though, basically just server not found error. – Justin Apr 10 '11 at 20:26