Project

General

Profile

Forums » Support »

Trouble with regular expressions in mod_auth

Added by rbateman about 3 years ago

I had a working configuration in 1.4.54 based on the regular expression example in the ModAuth wiki doc. After upgrading to a 1.4.56, I noticed a change in behavior: now access to a restricted URL is allowed without authentication. Here is the previously working config:

$HTTP["url"] =~ "^/api/v1/s" {
    # block 2
        auth.require = (
            "" => (
                "method"  => "basic",
                "realm"   => "Restricted",
                "require" => "valid-user",
            # 3
            ),
        )
} # end of $HTTP["url"] =~ "^/api/v1/s"

Removing the outer regex wrapper from the inner auth.require stanza gets me this config, which works in the sense of requiring authorization, but restricts everything, not just my restricted area:

auth.require                   = (
        "" => (
            "method"  => "basic",
            "realm"   => "Restricted",
            "require" => "valid-user",
        # 3
        ),
    )

I'm using curl to test:

$ curl http://<fqdn>:<port>/api/v1/status

As far as I can tell, this is something that changed in 1.4.56. I'm also using mod_auth, mod_authn_ldap, and uwsgi via mod_scgi if that makes a difference.


Replies (6)

RE: Trouble with regular expressions in mod_auth - Added by gstrauss about 3 years ago

Please read How to get support

lighttpd has some tests that it runs to catch regressions. While the tests could be greatly expanded, some tests exist for authentication and these tests pass.

RE: Trouble with regular expressions in mod_auth - Added by gstrauss about 3 years ago

When you made your custom build of lighttpd, did you disable building against PCRE (--without-pcre)? That is not recommended.

RE: Trouble with regular expressions in mod_auth - Added by rbateman about 3 years ago

Configure command line: $ ./configure --with-ldap --with-openssl --sysconfdir=/usr/local/etc

RE: Trouble with regular expressions in mod_auth - Added by rbateman about 3 years ago

Is it feasible for me to run (and potentially expand on) the unit tests?

RE: Trouble with regular expressions in mod_auth - Added by gstrauss about 3 years ago

Is it feasible for me to run (and potentially expand on) the unit tests?

Is that a rhetorical question? Those are core tenets of automated testing.

Please read the INSTALL file at the top of the source tree
https://git.lighttpd.net/lighttpd/lighttpd1.4/src/branch/master/INSTALL

    (1-6/6)