https://redmine.lighttpd.net/https://redmine.lighttpd.net/favicon.ico?13667327412006-06-01T04:15:53Zlighty labsLighttpd - Bug #321: mod_fastcgi authorizers cannot protect fastcgi respondershttps://redmine.lighttpd.net/issues/321?journal_id=7972006-06-01T04:15:53Zmaherb
<ul></ul><p>This seems like a pretty important detail, and if you are going to advertise the fact that you support a fastcgi authorizer, you should probably warn users about this defect .</p> Lighttpd - Bug #321: mod_fastcgi authorizers cannot protect fastcgi respondershttps://redmine.lighttpd.net/issues/321?journal_id=7982006-10-22T05:29:38Zmaherb
<ul><li><strong>Status</strong> changed from <i>New</i> to <i>Assigned</i></li></ul> Lighttpd - Bug #321: mod_fastcgi authorizers cannot protect fastcgi respondershttps://redmine.lighttpd.net/issues/321?journal_id=7992007-08-18T09:51:32Zjan
<ul><li><strong>Status</strong> changed from <i>Assigned</i> to <i>Fixed</i></li><li><strong>Resolution</strong> set to <i>invalid</i></li></ul><p>We are only following the FastCGI spec.</p>
<p>In 1.5.0 we added X-Rewrite which fixes this is a generic way.</p> Lighttpd - Bug #321: mod_fastcgi authorizers cannot protect fastcgi respondershttps://redmine.lighttpd.net/issues/321?journal_id=8002008-02-01T08:28:51ZAnonymous
<ul></ul><p>Where in the spec does it say that an authorizer can only protect static files? I just wasted an entire day writing an MySQL authorizer just to realize that LightTPD's implementation of the authorizer mode can only be used to protect static files and only if the mod_fastcgi matches URLs using file extensions. If URLs are matched using a path prefix, mod_fastcgi appends the prefix to the docroot and completely forgets about the rest of the URL. This so useless that I wonder why the authorizer support actually exists in mod_fastcgi. The attached patch looks sane to me, can't you apply it and get on with it? I don't really want to wait another year until 1.5 comes out, if at all.</p> Lighttpd - Bug #321: mod_fastcgi authorizers cannot protect fastcgi respondershttps://redmine.lighttpd.net/issues/321?journal_id=44692008-10-10T18:51:41Zstbuehler
<ul><li><strong>Status</strong> changed from <i>Fixed</i> to <i>Invalid</i></li></ul> Lighttpd - Bug #321: mod_fastcgi authorizers cannot protect fastcgi respondershttps://redmine.lighttpd.net/issues/321?journal_id=104782016-09-20T00:03:03Zgstrauss
<ul><li><strong>Description</strong> updated (<a title="View differences" href="/journals/10478/diff?detail_id=8940">diff</a>)</li><li><strong>Status</strong> changed from <i>Invalid</i> to <i>Patch Pending</i></li><li><strong>Target version</strong> set to <i>1.4.42</i></li></ul> Lighttpd - Bug #321: mod_fastcgi authorizers cannot protect fastcgi respondershttps://redmine.lighttpd.net/issues/321?journal_id=104912016-09-22T17:45:04Zgstrauss
<ul><li><strong>Status</strong> changed from <i>Patch Pending</i> to <i>Fixed</i></li><li><strong>% Done</strong> changed from <i>0</i> to <i>100</i></li></ul><p>Applied in changeset <a class="changeset" title="[mod_fastcgi] Authorizer support with Responder (fixes #321, fixes #322) import Variable-* from ..." href="https://redmine.lighttpd.net/projects/lighttpd/repository/14/revisions/2dcfe1733ec729af0fa3477e91617ce60bc5ecad">2dcfe1733ec729af0fa3477e91617ce60bc5ecad</a>.</p>