Actions
Bug #1433
closedauthorization gets activated in second request
ASK QUESTIONS IN Forums:
Description
i've created configuration where {{{/scm_ping.php}}} is allowed from one specific ip, all the rest get http authorization. however the {{{/scm_ping.php}}} access works only for the first request, further requests gets enforced http authorization.
sample config:
config { server.modules = ( "mod_indexfile", "mod_access", "mod_auth", "mod_dirlisting", "mod_indexfile", "mod_staticfile", "mod_accesslog", "mod_dirlisting", "mod_staticfile", # 9 ) url.access-deny = ("~", ".inc") server.indexfiles = ("index.html", "index.htm", "index.php", "default.htm") static-file.exclude-extensions = (".pl", ".fcgi") accesslog.filename = "/var/log/lighttpd/access.log" accesslog.format = "%h %l %u %t "%r" %>s %b" server.document-root = "/home/services/lighttpd/html/" server.errorlog = "/var/log/lighttpd/error.log" server.pid-file = "/var/run/lighttpd.pid" mimetype.assign = ( "" => "application/octet-stream", ) server.port = 80 server.username = "lighttpd" server.groupname = "lighttpd" $HTTP["url"] =~ "\.pdf$" { # block 1 server.range-requests = "disable" } # end of $HTTP["url"] =~ "\.pdf$" $HTTP["url"] =~ "/scm_ping\.php" { # block 2 $HTTP["remoteip"] != "10.10.0.1" { # block 3 url.access-deny = ("") } # end of $HTTP["remoteip"] != "10.10.0.1" } # end of $HTTP["url"] =~ "/scm_ping\.php" else $HTTP["url"] !~ "/rss\.php$" { # block 4 auth.backend = "htpasswd" auth.backend.htpasswd.userfile = "/etc/passwd" auth.require = ( "/" => ( "method" => "basic", "realm" => "password protected", "require" => "valid-user", # 3 ), ) } # end of $HTTP["url"] !~ "/rss\.php$" }
note, no files are needed to test the failure, just look note that 401 code should not appear there.
testing:
$ wget -O /dev/null 10.10.0.1/scm_ping.php --17:16:02-- http://10.10.0.1/scm_ping.php => `/dev/null' Connecting to 10.10.0.1:80... connected. HTTP request sent, awaiting response... 404 Not Found 17:16:02 ERROR 404: Not Found. $ wget -O /dev/null 10.10.0.1/scm_ping.php --17:16:03-- http://10.10.0.1/scm_ping.php => `/dev/null' Connecting to 10.10.0.1:80... connected. HTTP request sent, awaiting response... 401 Unauthorized Authorization failed.
Updated by glen about 17 years ago
Note to self: {{{debug.log-conditional-handling = "enable"}}}
Updated by stbuehler almost 17 years ago
- Status changed from New to Fixed
- Resolution set to fixed
Fixed in r2080, see #1164
Actions
Also available in: Atom