Trouble with regular expressions in mod_auth
Added by rbateman about 3 years ago
I had a working configuration in 1.4.54 based on the regular expression example in the ModAuth wiki doc. After upgrading to a 1.4.56, I noticed a change in behavior: now access to a restricted URL is allowed without authentication. Here is the previously working config:
$HTTP["url"] =~ "^/api/v1/s" {
# block 2
auth.require = (
"" => (
"method" => "basic",
"realm" => "Restricted",
"require" => "valid-user",
# 3
),
)
} # end of $HTTP["url"] =~ "^/api/v1/s"
Removing the outer regex wrapper from the inner auth.require stanza gets me this config, which works in the sense of requiring authorization, but restricts everything, not just my restricted area:
auth.require = (
"" => (
"method" => "basic",
"realm" => "Restricted",
"require" => "valid-user",
# 3
),
)
I'm using curl to test:
$ curl http://<fqdn>:<port>/api/v1/status
As far as I can tell, this is something that changed in 1.4.56. I'm also using mod_auth, mod_authn_ldap, and uwsgi via mod_scgi if that makes a difference.
Replies (6)
RE: Trouble with regular expressions in mod_auth - Added by gstrauss about 3 years ago
Please read How to get support
lighttpd has some tests that it runs to catch regressions. While the tests could be greatly expanded, some tests exist for authentication and these tests pass.
RE: Trouble with regular expressions in mod_auth - Added by gstrauss about 3 years ago
When you made your custom build of lighttpd, did you disable building against PCRE (--without-pcre
)? That is not recommended.
RE: Trouble with regular expressions in mod_auth - Added by rbateman about 3 years ago
Configure command line: $ ./configure --with-ldap --with-openssl --sysconfdir=/usr/local/etc
RE: Trouble with regular expressions in mod_auth - Added by rbateman about 3 years ago
Is it feasible for me to run (and potentially expand on) the unit tests?
RE: Trouble with regular expressions in mod_auth - Added by gstrauss about 3 years ago
Is it feasible for me to run (and potentially expand on) the unit tests?
Is that a rhetorical question? Those are core tenets of automated testing.
Please read the INSTALL
file at the top of the source tree
https://git.lighttpd.net/lighttpd/lighttpd1.4/src/branch/master/INSTALL