http - 代理授权失败的 HTTP 响应码

Question

代理授权失败的 HTTP 响应代码应该是什么？我知道 407 是请求代理授权的响应代码。但是，一旦客户端将身份验证信息发送给代理，如果不正确，代理应该返回什么？如果它返回 401 响应代码，那么客户端如何识别它是代理上的身份验证失败而不是最终资源上的身份验证失败？

Answer 1

好吧，如果 401 保护资源的授权失败，服务器会简单地响应另一个 401：

Request URL:https://mysite.com/myresource/
Request Method:GET
Status Code:401 Authorization Required

Request Headers

Accept:text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Charset:ISO-8859-1,utf-8;q=0.7,*;q=0.3
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-US,en;q=0.8
Authorization:Digest username="gjggj", realm="apps", nonce="75602afa895d26f9796f3c9174cf83f3", uri="/misc/apps/", algorithm=MD5, response="9e113b10d3e95b590bdef0fc7c7c617b", qop=auth, nc=00000001, cnonce="61f73b73f6b33ea2"
Cache-Control:max-age=0
Connection:keep-alive
Host:game-point.net
User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.57 Safari/537.17

Response Headers

Cache-Control:no-cache
Connection:close
Content-Length:534
Content-Type:text/html
Date:Wed, 13 Feb 2013 11:07:26 GMT
Pragma:no-cache
Server:Cherokee/1.0.8 (Debian GNU/Linux)
WWW-Authenticate:Digest realm="apps", nonce="75602afa895d26f9796f3c9174cf83f3", qop="auth", algorithm="MD5"

所以我想说处理 407 授权失败的方法是让服务器响应 407 状态码，尽管浏览器已经发送了授权信息；这表明代理仍然需要授权，并暗示授权失败仅仅是因为您仍然获得 407 状态代码。

Answer 2

来自官方机构：

http://www.ietf.org/rfc/rfc2617.txt

If the origin server does not wish to accept the credentials sent
with a request, it SHOULD return a 401 (Unauthorized) response. The
response MUST include a WWW-Authenticate header field containing at
least one (possibly new) challenge applicable to the requested
resource. If a proxy does not accept the credentials sent with a
request, it SHOULD return a 407 (Proxy Authentication Required). The
response MUST include a Proxy-Authenticate header field containing a
(possibly new) challenge applicable to the proxy for the requested
resource.