On Sun, Apr 17, 2011 at 06:26:56PM +0100, Ian H. wrote:
Hi,
I’m still using Nginx 0.7.67 and I think I have found a minor bug.
In my config files, for one domain I have entries like this to
protect two directories.
location /secret {
index index.html
auth_basic “Please login”;
This syntactically correct and defines three possible index files:
“index.html”, “auth_basic” and “Please login”.
auth_basic_user_file /path/to/passwordfile
Note this doesn’t have “;” as well and will make config
syntactially incorrect. You won’t be able to start nginx such
config, but I assume this is artifact introduced during writing
this message.
The result is that /secret is not protected (although /private is).
The bug is that when nginx is restarted, it announces that the config file
is valid, when it isn’t, (so the problem was not detected for many months).
The problem is that config file is actually valid. It’s not
really possible to detect such configuration errors as long as
resulting construct is valid.
location /secret {
index index.html
auth_basic “Please login”;
This syntactically correct and defines three possible index files:
“index.html”, “auth_basic” and “Please login”.