[Solved] url.access-deny not working
Added by chris4j almost 9 years ago
version 1.4.38
I have this config:
$HTTP["remoteip"] != "192.168.2.127" {
url.access-deny = ( "" )
}
Client "192.168.2.127" can access the server.
But when adding "server.use-ipv6 = "enable"", the client "192.168.2.127" is forbidden, is it something wrong with my config?
I want to allow(or deny) some IPs or networks(IPv4 and IPv6) to access the server, how to achieve this?
Thx.
Replies (3)
RE: url.access-deny not working - Added by gstrauss almost 9 years ago
Please try using url.access-deny = ( ) instead.
If using IPv6, please also see https://redmine.lighttpd.net/issues/2706, which is fixed in lighttpd master branch and will be part of the next lighttpd release.
RE: url.access-deny not working - Added by gstrauss almost 9 years ago
I need to correct what I posted above. I think I misunderstood what you were trying to do.
According to https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_ModAccess, url.access-deny ( "" ) should deny for all paths which match any suffix in the url.access-deny list (and "" matches the end of every URL path). You mentioned that is working for you until you set server.use-ipv6 = "enable" . Is my understanding correct? If that is the case, then the upcoming 1.4.40 version of lighttpd should address your issue, or you can build from HEAD of master to get the fix sooner.
In the meantime, you might try including the IPv6 v4-mapped address ("::FFFF:192.168.2.127") in the condition.
I have not tested this:
$HTTP["remoteip"] != "192.168.2.127" {
$HTTP["remoteip"] != "::FFFF:192.168.2.127" {
url.access-deny = ( "" )
}
}