Bug in if?

Hello,

I’m running a small shell server for me and my friends and would like
every user to have his own example.com/user web-accessible,
password-protected directory not available to other users. Preferably,
with authentication against PAM so that one password could be used for
all services.

Currently, this is the configuration I came up with (no PAM
authentication yet):

location ~ ^/(.+?)/download(/.*) Â {
        auth_basic       “Restricted”;
        auth_basic_user_file  /etc/nginx/htpasswd;
        alias /home/$1/download$2;
        autoindex on;
        include mime.types;
        types { }
        default_type application/octet-stream;
    }

and it works as expected. Now, I tried to separate users’ access (so
that any given user had access only to his directory) with the if
statements:

location ~ ^/(.+?)/download(/.*) Â {
        auth_basic       “Restricted”;
        auth_basic_user_file  /etc/nginx/htpasswd;
        alias /home/$1/download$2;
        autoindex on;
        include mime.types;
        types { }
        default_type application/octet-stream;
        if ($remote_user != ‘’) { set $hack b; }
        if ($remote_user != $1) { set $hack a$hack; }
        if ($hack = ab) { return 403; }
    }

That caused 404 errors. This is the relevant fragment of the error log:

2010/09/21 23:12:41 [error] 31813#0: *245 “/home/wmp/download/.1
Hostindex.html” is not found (2: No such file or directory), client:
87.205.146.217, server: domain, request: “GET /wmp/download/
HTTP/1.1”, host: “domain:9900”

And this is debug.log: http://pastebin.com/4wUQkXZH

Nginx was compiled with the following options:

–conf-path=/etc/nginx/nginx.conf --pid-path=/var/run/nginx.pid
–lock-path=/var/lock/nginx.lock
–http-client-body-temp-path=/var/lib/nginx/body
–http-proxy-temp-path=/var/lib/nginx/proxy
–http-fastcgi-temp-path=/var/lib/nginx/fastcgi  --with-debug
–with-http_stub_status_module --with-http_flv_module
–with-http_ssl_module --with-http_dav_module
–with-http_gzip_static_module --with-http_realip_module --with-mail
–with-mail_ssl_module --with-ipv6
–add-module=/home/wmp/tmp/nginx/nginx-0.7.65/modules/nginx-upstream-fair
–add-module=/home/wmp/tmp/nginx/nginx-0.7.65/modules/ngx_http_auth_pam
–with-perl=/usr/bin/perl --sbin-path=/usr/sbin
–error-log-path=/var/log/nginx/error.log
–http-log-path=/var/log/nginx/access.log --with-http_perl_module

wmp is, obviously, my username

Is what I’m trying to do even possible? If so, how?

I would like to thank kolbyjack from #nginx for his help with this
problem so far.


Marcin Janowski(WMP)

Hello!

On Tue, Sep 21, 2010 at 11:57:33PM +0200, Marcin WMP Janowski wrote:

[…]

š š š š š š š štypes { }
87.205.146.217, server: domain, request: “GET /wmp/download/
HTTP/1.1”, host: “domain:9900”

http://wiki.nginx.org/IfIsEvil

See if-and-alias example.

[…]

Is what I’m trying to do even possible? If so, how?

As far as I see

root /home;

will to the same thing you are trying to do with alias. Use it
instead.

An alternative would be to move “if … { set … }” blocks to
server level, but it’s not needed here.

Maxim D.

2010/9/22 Maxim D. [email protected]:

location ~ ^/(.+?)/download(/.) Â {
    }
See if-and-alias example.
Ok, i do:
location ~ ^/(?.+?)/download(?/.
) {
alias /home/$user/rtorrent/download$file;

but down work, i have this same error.


Marcin Janowski(WMP)

Hello!

On Wed, Sep 22, 2010 at 10:36:59AM +0200, Marcin WMP Janowski wrote:

š š š š š š š šif ($hack = ab) { return 403; }

See if-and-alias example.

Ok, i do:
location ~ ^/(?.+?)/download(?/.*) {
alias /home/$user/rtorrent/download$file;

but down work, i have this same error.

Nobody said using named captures will help. Use root instead.

Maxim D.

I cant use root, becouse in code what i send you i have simple path. In
real
i have few directory in path

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs