https://redmine.lighttpd.net/
https://redmine.lighttpd.net/favicon.ico?1366732741
2007-06-25T15:05:58Z
lighty labs
Lighttpd - Bug #1246: mod_access not restricting FastCGI processes
https://redmine.lighttpd.net/issues/1246?journal_id=3023
2007-06-25T15:05:58Z
jan
<ul></ul><p>Please add the output of</p>
<pre>
debug.log-request-handling = "enable"
</pre>
Lighttpd - Bug #1246: mod_access not restricting FastCGI processes
https://redmine.lighttpd.net/issues/1246?journal_id=3024
2007-06-25T15:49:52Z
ircmaxell
<ul></ul><p>Alright, I'm not able to reproduce the error anymore. What was happening was something like this<br />$HTTP<a class="wiki-page new" href="https://redmine.lighttpd.net/projects/lighttpd/wiki/Host">host</a> == "host1.com" {<br />$HTTP<a class="wiki-page new" href="https://redmine.lighttpd.net/projects/lighttpd/wiki/Url">url</a> =~ "/admin" {<br />urn.access-deny = ("")<br />}<br />}</p>
<p>Then I went into <a class="external" href="http://www.host2.com/administrator/index.php">www.host2.com/administrator/index.php</a>... The php file processed fine, but none of the images appeared (they all got 403 errors). If I can get the error to reproduce, I'll post the debug trace.</p>
Lighttpd - Bug #1246: mod_access not restricting FastCGI processes
https://redmine.lighttpd.net/issues/1246?journal_id=3025
2007-08-05T01:59:06Z
Anonymous
<ul><li><strong>Status</strong> changed from <i>New</i> to <i>Fixed</i></li></ul><p>This ticket was closed automatically by the system. It was previously set to a Pending status and hasn't been updated within 28 days.</p>
<p>-- trac-robot</p>
Lighttpd - Bug #1246: mod_access not restricting FastCGI processes
https://redmine.lighttpd.net/issues/1246?journal_id=3026
2007-11-09T10:08:02Z
Anonymous
<ul><li><strong>Status</strong> changed from <i>Fixed</i> to <i>Need Feedback</i></li></ul><p>Same problem here with Lighttpd 1.4.16 (Backport for Debian Etch)</p>
<p>When using:</p>
<pre>
url.access-deny = ( "" )
</pre>
<p>Lighty returns a correct 403 error.</p>
<p>But when using:</p>
<pre>
url.access-deny = ( ".jpg" )
</pre>
<p>then Lighty returns a 403 header AND the content of the jpg file.</p>
<p>Configuration:</p>
<pre>
server.error-handler-404 = "/notFound.php"
server.document-root = "/****/static/*site*/"
$HTTP["url"] =~ "^/t/" {
magnet.attract-physical-path-to = ( "/****/thumb.lua" )
}
expire.url = ( "/t/" => "access 7 days", "/m/" => "access 7 days", "" => "access 1 days" )
$HTTP["referer"] !~ "*site*" {
url.access-deny = ( ".jpg" )
}
</pre>
<p>Debug when using ".jpg":</p>
<pre>
2007-11-09 10:58:09: (response.c.205) -- splitting Request-URI
2007-11-09 10:58:09: (response.c.206) Request-URI : /t/0/1/1-150.jpg
2007-11-09 10:58:09: (response.c.207) URI-scheme : http
2007-11-09 10:58:09: (response.c.208) URI-authority: localcdn.*site*.com
2007-11-09 10:58:09: (response.c.209) URI-path : /t/0/1/1-150.jpg
2007-11-09 10:58:09: (response.c.210) URI-query :
2007-11-09 10:58:09: (response.c.260) -- sanatising URI
2007-11-09 10:58:09: (response.c.261) URI-path : /t/0/1/1-150.jpg
2007-11-09 10:58:09: (mod_access.c.135) -- mod_access_uri_handler called
2007-11-09 10:58:09: (mod_access.c.164) url denied as we match: .jpg
2007-11-09 10:58:09: (response.c.205) -- splitting Request-URI
2007-11-09 10:58:09: (response.c.206) Request-URI : /notFound.php
2007-11-09 10:58:09: (response.c.207) URI-scheme : http
2007-11-09 10:58:09: (response.c.208) URI-authority: localcdn.*site*.com
2007-11-09 10:58:09: (response.c.209) URI-path : /notFound.php
2007-11-09 10:58:09: (response.c.210) URI-query :
2007-11-09 10:58:09: (response.c.260) -- sanatising URI
2007-11-09 10:58:09: (response.c.261) URI-path : /notFound.php
2007-11-09 10:58:09: (mod_access.c.135) -- mod_access_uri_handler called
2007-11-09 10:58:09: (response.c.375) -- before doc_root
2007-11-09 10:58:09: (response.c.376) Doc-Root : /*wwwpath*/static/*site*/
2007-11-09 10:58:09: (response.c.377) Rel-Path : /notFound.php
2007-11-09 10:58:09: (response.c.378) Path :
2007-11-09 10:58:09: (response.c.426) -- after doc_root
2007-11-09 10:58:09: (response.c.427) Doc-Root : /*wwwpath*/static/*site*/
2007-11-09 10:58:09: (response.c.428) Rel-Path : /notFound.php
2007-11-09 10:58:09: (response.c.429) Path : /*wwwpath*/static/*site*/notFound.php
2007-11-09 10:58:09: (response.c.446) -- logical -> physical
2007-11-09 10:58:09: (response.c.447) Doc-Root : /*wwwpath*/static/*site*/
2007-11-09 10:58:09: (response.c.448) Rel-Path : getThumbnail.php
2007-11-09 10:58:09: (response.c.449) Path : /*wwwpath*/scripts/getThumbnail.php
2007-11-09 10:58:09: (response.c.466) -- handling physical path
2007-11-09 10:58:09: (response.c.467) Path : /*wwwpath*/scripts/getThumbnail.php
2007-11-09 10:58:09: (response.c.474) -- file found
2007-11-09 10:58:09: (response.c.475) Path : /*wwwpath*/scripts/getThumbnail.php
2007-11-09 10:58:09: (response.c.613) -- handling subrequest
2007-11-09 10:58:09: (response.c.614) Path : /*wwwpath*/scripts/getThumbnail.php
2007-11-09 10:58:09: (mod_access.c.135) -- mod_access_uri_handler called
2007-11-09 10:58:09: (mod_fastcgi.c.3589) handling it in mod_fastcgi
</pre>
<p>Thanks for this wonderful soft :-)</p>
Lighttpd - Bug #1246: mod_access not restricting FastCGI processes
https://redmine.lighttpd.net/issues/1246?journal_id=3027
2007-11-09T10:09:35Z
Anonymous
<ul></ul><p>Sorry for the CC.</p>
<p>Also, I think: isn't it the 404 handler that tries to handle the 403 error?</p>
<p>-- yvan.taviaud</p>
Lighttpd - Bug #1246: mod_access not restricting FastCGI processes
https://redmine.lighttpd.net/issues/1246?journal_id=3028
2008-08-27T22:08:25Z
stbuehler
<ul><li><strong>Status</strong> changed from <i>Need Feedback</i> to <i>Fixed</i></li><li><strong>Resolution</strong> set to <i>wontfix</i></li></ul><p>I don't know why it isn't documented, but the 404 handler also handles 403; this is clearly wanted in the source. So, this is not unexpected. Won't fix/change in 1.4.</p>
Lighttpd - Bug #1246: mod_access not restricting FastCGI processes
https://redmine.lighttpd.net/issues/1246?journal_id=4829
2008-10-10T19:05:03Z
stbuehler
<ul><li><strong>Status</strong> changed from <i>Fixed</i> to <i>Wontfix</i></li></ul>