Bug #1433

authorization gets activated in second request

Added by glen almost 13 years ago. Updated over 12 years ago.

Status: Fixed
Priority: Normal
Category: core
Target version:

Description

I've created a configuration where {{{/scm_ping.php}}} is allowed from one specific IP; all the rest get HTTP authorization. However, the {{{/scm_ping.php}}} access works only for the first request; further requests get enforced HTTP authorization.

sample config:


config {
    server.modules                 = (
        "mod_indexfile",
        "mod_access",
        "mod_auth",
        "mod_dirlisting",
        "mod_indexfile",
        "mod_staticfile",
        "mod_accesslog",
        "mod_dirlisting",
        "mod_staticfile",
        # 9
    )
    url.access-deny                = ("~", ".inc")
    server.indexfiles              = ("index.html", "index.htm", "index.php", "default.htm")
    static-file.exclude-extensions = (".pl", ".fcgi")
    accesslog.filename             = "/var/log/lighttpd/access.log" 
    accesslog.format               = "%h %l %u %t "%r" %>s %b" 
    server.document-root           = "/home/services/lighttpd/html/" 
    server.errorlog                = "/var/log/lighttpd/error.log" 
    server.pid-file                = "/var/run/lighttpd.pid" 
    mimetype.assign                = (
        "" => "application/octet-stream",
    )
    server.port                    = 80
    server.username                = "lighttpd" 
    server.groupname               = "lighttpd" 

    $HTTP["url"] =~ "\.pdf$" {
        # block 1
        server.range-requests = "disable" 

    } # end of $HTTP["url"] =~ "\.pdf$" 

    $HTTP["url"] =~ "/scm_ping\.php" {
        # block 2

        $HTTP["remoteip"] != "10.10.0.1" {
            # block 3
            url.access-deny = ("")

        } # end of $HTTP["remoteip"] != "10.10.0.1" 
    } # end of $HTTP["url"] =~ "/scm_ping\.php" 
    else $HTTP["url"] !~ "/rss\.php$" {
        # block 4
        auth.backend                   = "htpasswd" 
        auth.backend.htpasswd.userfile = "/etc/passwd" 
        auth.require                   = (
            "/" => (
                "method"  => "basic",
                "realm"   => "password protected",
                "require" => "valid-user",
                # 3
            ),
        )

    } # end of $HTTP["url"] !~ "/rss\.php$" 
}

Note: no files are needed to test the failure; just note that the 401 code should not appear there.

testing:


$ wget -O /dev/null 10.10.0.1/scm_ping.php
--17:16:02--  http://10.10.0.1/scm_ping.php
           => `/dev/null'
Connecting to 10.10.0.1:80... connected.
HTTP request sent, awaiting response... 404 Not Found
17:16:02 ERROR 404: Not Found.

$ wget -O /dev/null 10.10.0.1/scm_ping.php
--17:16:03--  http://10.10.0.1/scm_ping.php
           => `/dev/null'
Connecting to 10.10.0.1:80... connected.
HTTP request sent, awaiting response... 401 Unauthorized
Authorization failed.

#1

Updated by glen over 12 years ago

Note to self: {{{debug.log-conditional-handling = "enable"}}}

#2

Updated by stbuehler over 12 years ago

I think this is the conditional cache problem: See #495, #738 and #1165

#3

Updated by stbuehler over 12 years ago

  • Status changed from New to Fixed
  • Resolution set to fixed

Fixed in r2080, see #1164
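
An access-log check for the behaviour reported in this ticket, as an added example that is not part of the original ticket or of lighttpd's code. It encodes the intended outcome of the posted conditional blocks and flags log lines, in the posted accesslog.format, that contradict it; the function names, the assumption that a denied client is never served, and the sample log lines are constructed for illustration.

```python
import re

# Matches the ticket's accesslog.format: %h %l %u %t "%r" %>s %b
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]*\] '
    r'"\S+ (?P<target>\S+)[^"]*" (?P<status>\d{3}) \S+$'
)
ALLOWED_IP = "10.10.0.1"  # the one address allowed in the posted config

def policy(ip, path):
    """Intended outcome according to the conditional blocks in the ticket."""
    if re.search(r"/scm_ping\.php", path):             # block 2
        return "open" if ip == ALLOWED_IP else "deny"  # block 3
    if not re.search(r"/rss\.php$", path):             # block 4
        return "auth"
    return "open"                                      # /rss.php: no auth

def violations(lines):
    """Return (line number, reason) for entries that contradict the policy."""
    found = []
    for n, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m:
            found.append((n, "unparsed"))
            continue
        path = m["target"].split("?", 1)[0]  # conditions see the path only
        want, status = policy(m["ip"], path), int(m["status"])
        if want == "open" and status == 401:
            found.append((n, "auth enforced on open URL"))  # this ticket's symptom
        elif want == "deny" and status < 400:
            found.append((n, "denied client was served"))
        elif want == "auth" and m["user"] == "-" and status < 400:
            found.append((n, "protected URL served without auth"))
    return found

# Constructed sample log lines (not taken from the ticket).
SAMPLE = [
    '10.10.0.1 - - [01/Jan/2008:17:16:02 +0000] "GET /scm_ping.php HTTP/1.0" 404 345',
    '10.10.0.1 - - [01/Jan/2008:17:16:03 +0000] "GET /scm_ping.php HTTP/1.0" 401 351',
    '10.10.0.7 - - [01/Jan/2008:17:16:04 +0000] "GET /scm_ping.php HTTP/1.0" 403 345',
    '10.10.0.7 - - [01/Jan/2008:17:16:05 +0000] "GET /index.html HTTP/1.1" 401 351',
    '10.10.0.7 - - [01/Jan/2008:17:16:06 +0000] "GET /index.html HTTP/1.1" 200 1024',
    '10.10.0.7 - - [01/Jan/2008:17:16:07 +0000] "GET /rss.php?feed=1 HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for n, reason in violations(SAMPLE):
        print(f"line {n}: {reason}")
```

Line 2 of the sample corresponds to the second wget in the report; line 5 is the opposite failure, where a conditional is skipped and a protected URL is served with no authenticated user.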
