Ticket #1433 (closed defect: fixed)

Opened 10 months ago

Last modified 6 months ago

authorization gets activated in second request

Reported by: glen
Owned by: jan
Priority: normal
Milestone: 1.4.19
Component: core
Version: 1.4.18
Severity: normal
Keywords:
Cc:
Blocked By:
Need User Feedback: no
Blocking:

Description

I've created a configuration where /scm_ping.php is allowed from one specific IP; all the rest get HTTP authorization. However, the /scm_ping.php access works only for the first request; further requests get HTTP authorization enforced.

sample config:

config {
    server.modules                 = (
        "mod_indexfile",
        "mod_access",
        "mod_auth",
        "mod_dirlisting",
        "mod_indexfile",
        "mod_staticfile",
        "mod_accesslog",
        "mod_dirlisting",
        "mod_staticfile",
        # 9
    )
    url.access-deny                = ("~", ".inc")
    server.indexfiles              = ("index.html", "index.htm", "index.php", "default.htm")
    static-file.exclude-extensions = (".pl", ".fcgi")
    accesslog.filename             = "/var/log/lighttpd/access.log"
    accesslog.format               = "%h %l %u %t "%r" %>s %b"
    server.document-root           = "/home/services/lighttpd/html/"
    server.errorlog                = "/var/log/lighttpd/error.log"
    server.pid-file                = "/var/run/lighttpd.pid"
    mimetype.assign                = (
        "" => "application/octet-stream",
    )
    server.port                    = 80
    server.username                = "lighttpd"
    server.groupname               = "lighttpd"


    $HTTP["url"] =~ "\.pdf$" {
        # block 1
        server.range-requests = "disable"

    } # end of $HTTP["url"] =~ "\.pdf$"

    $HTTP["url"] =~ "/scm_ping\.php" {
        # block 2


        $HTTP["remoteip"] != "10.10.0.1" {
            # block 3
            url.access-deny = ("")

        } # end of $HTTP["remoteip"] != "10.10.0.1"
    } # end of $HTTP["url"] =~ "/scm_ping\.php"
    else $HTTP["url"] !~ "/rss\.php$" {
        # block 4
        auth.backend                   = "htpasswd"
        auth.backend.htpasswd.userfile = "/etc/passwd"
        auth.require                   = (
            "/" => (
                "method"  => "basic",
                "realm"   => "password protected",
                "require" => "valid-user",
                # 3
            ),
        )

    } # end of $HTTP["url"] !~ "/rss\.php$"
}

Note: no files are needed to test the failure; just note that the 401 code should not appear there.

testing:

$ wget -O /dev/null 10.10.0.1/scm_ping.php
--17:16:02--  http://10.10.0.1/scm_ping.php
           => `/dev/null'
Connecting to 10.10.0.1:80... connected.
HTTP request sent, awaiting response... 404 Not Found
17:16:02 ERROR 404: Not Found.


$ wget -O /dev/null 10.10.0.1/scm_ping.php
--17:16:03--  http://10.10.0.1/scm_ping.php
           => `/dev/null'
Connecting to 10.10.0.1:80... connected.
HTTP request sent, awaiting response... 401 Unauthorized
Authorization failed.
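
An added example, not part of the ticket or of lighttpd: a log check that encodes the access policy the config above is meant to express and flags access-log lines (in the ticket's accesslog.format) whose status contradicts it, such as the 401 on the second request. The sample log lines are constructed, and the rule that an unauthenticated request under auth.require must not get a status below 400 is an assumption of this example.

```python
import re

# Matches lines written with the ticket's accesslog.format: %h %l %u %t "%r" %>s %b
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]*\] '
                    r'"\S+ (?P<target>\S+)[^"]*" (?P<status>\d{3}) \S+$')
ALLOWED_IP = "10.10.0.1"  # remoteip allowed to reach /scm_ping.php in the ticket's config


def expected_policy(ip, path):
    """Policy the ticket's config is meant to apply: 'open', 'deny' or 'auth'."""
    if re.search(r"/scm_ping\.php", path):                 # block 2
        return "open" if ip == ALLOWED_IP else "deny"      # block 3: url.access-deny = ("")
    if not re.search(r"/rss\.php$", path):                 # block 4: auth.require on "/"
        return "auth"
    return "open"                                          # /rss.php: no auth configured


def violations(lines):
    """Return (line_number, policy, status) for responses that contradict the policy."""
    found = []
    for number, line in enumerate(lines, 1):
        match = LOG_RE.match(line)
        if match is None:
            continue  # not in the expected format; skipped rather than guessed at
        path = match["target"].split("?", 1)[0]  # $HTTP["url"] sees the path only
        status = int(match["status"])
        policy = expected_policy(match["ip"], path)
        anonymous = match["user"] == "-"         # %u is "-" when nobody authenticated
        bad = ((policy == "open" and status == 401)       # auth enforced where none applies
               or (policy == "deny" and status != 403)    # mod_access answers 403
               or (policy == "auth" and anonymous and status < 400))  # assumption: see lead-in
        if bad:
            found.append((number, policy, status))
    return found


# Constructed sample log; lines 1-2 mirror the two wget runs in the ticket.
SAMPLE_LOG = [
    '10.10.0.1 - - [01/Jan/2008:17:16:02 +0200] "GET /scm_ping.php HTTP/1.0" 404 345',
    '10.10.0.1 - - [01/Jan/2008:17:16:03 +0200] "GET /scm_ping.php HTTP/1.0" 401 351',
    '10.10.0.7 - - [01/Jan/2008:17:16:04 +0200] "GET /scm_ping.php HTTP/1.0" 403 345',
    '10.10.0.7 - - [01/Jan/2008:17:16:05 +0200] "GET /rss.php HTTP/1.0" 200 1200',
    '10.10.0.7 - - [01/Jan/2008:17:16:06 +0200] "GET /index.html HTTP/1.0" 401 351',
    '10.10.0.7 - - [01/Jan/2008:17:16:07 +0200] "GET /index.html HTTP/1.0" 200 512',
]

if __name__ == "__main__":
    for number, policy, status in violations(SAMPLE_LOG):
        print(f"line {number}: policy={policy} but status={status}")
```

A conditional-evaluation fault can err in either direction, so the check covers both authorization appearing where none is configured and protected content served without credentials.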

Change History

Changed 10 months ago by glen

Note to self: debug.log-conditional-handling = "enable"

Changed 7 months ago by stbuehler

I think this is the conditional cache problem: See #495, #738 and #1165

Changed 6 months ago by stbuehler

  • status changed from new to closed
  • resolution set to fixed

Fixed in [2080], see #1164
