Satisfy problem

in 0.9.7
use:

    location ^~ /ks/admin
    {
            satisfy any;
            allow 10.68.136.241/32;
            allow 10.66.23.80/32;
            deny all;
            auth_basic "passwd";
            auth_basic_user_file ksadminpasswd;
   }

when IP is not 10.68.136.241 or 10.66.23.80, people can still visit
/ks/admin,not prompt for user and passwd.

Is this a bug?

On Thu, Apr 07, 2011 at 11:52:09PM +0800, lhmwzy wrote:

Hi there,

when IP is not 10.68.136.241 or 10.66.23.80, people can still visit
/ks/admin,not prompt for user and passwd.

When I test that, I get the http 401 password challenge that I expect.

So I don’t see the problem.

What does your debug log say?

f

Francis D. [email protected]

On 7 April 2011 17:52, lhmwzy [email protected] wrote:

           auth_basic_user_file ksadminpasswd;
  }

when IP is not 10.68.136.241 or 10.66.23.80, people can still visit
/ks/admin,not prompt for user and passwd.

Is this a bug?

Don’t you want satisfy all?

I have found the reason:
when install the module named nginx-accesskey-2.0.3,then the bug will
appear.

Today Apr 8, 2011 at 07:52 lhmwzy wrote:

I have found the reason:
when install the module named nginx-accesskey-2.0.3,then the bug will appear.

It return NGX_OK when not configured.
Fix:

— …/nginx-accesskey-2.0.3/ngx_http_accesskey_module.c.orig
2007-12-30
+++ …/nginx-accesskey-2.0.3/ngx_http_accesskey_module.c
2010-07-18
@@ -125,7 +125,7 @@
alcf = ngx_http_get_module_loc_conf(r, ngx_http_accesskey_module);

 if (!alcf->enable) {
  •    return NGX_OK;
    
  •    return NGX_DECLINED;
    

    }

    if (!alcf->signature_lengths || !alcf->signature_values) {

nginx -V without nginx-accesskey-2.0.3
nginx: configure arguments: --prefix=/usr/local/etc/nginx
–with-cc-opt=’-I /usr/local/include’ --with-ld-opt=’-L
/usr/local/lib’ --conf-path=/usr/local/etc/nginx/nginx.conf
–sbin-path=/usr/local/sbin/nginx --pid-path=/var/run/nginx.pid
–error-log-path=/var/log/nginx-error.log --user=www --group=www
–http-client-body-temp-path=/var/tmp/nginx/client_body_temp
–http-fastcgi-temp-path=/var/tmp/nginx/fastcgi_temp
–http-proxy-temp-path=/var/tmp/nginx/proxy_temp
–http-scgi-temp-path=/var/tmp/nginx/scgi_temp
–http-uwsgi-temp-path=/var/tmp/nginx/uwsgi_temp
–http-log-path=/var/log/nginx-access.log --with-http_addition_module
–add-module=/usr/ports/www/nginx-devel/work/ngx_headers_more_module-0.14
–with-http_gzip_static_module --with-http_realip_module
–with-http_secure_link_module --with-http_ssl_module
–with-http_stub_status_module --with-http_sub_module
–add-module=/usr/ports/www/nginx-devel/work/nginx_upstream_fair-20090923
–add-module=/usr/ports/www/nginx-devel/work/nginx_upstream_hash-0.3.1
–add-module=/usr/ports/www/nginx-devel/work/ngx_http_upstream_keepalive-0.3
–with-pcre

nginx -V with nginx-accesskey-2.0.3
nginx: configure arguments: --prefix=/usr/local/etc/nginx
–with-cc-opt=’-I /usr/local/include’ --with-ld-opt=’-L
/usr/local/lib’ --conf-path=/usr/local/etc/nginx/nginx.conf
–sbin-path=/usr/local/sbin/nginx --pid-path=/var/run/nginx.pid
–error-log-path=/var/log/nginx-error.log --user=www --group=www
–http-client-body-temp-path=/var/tmp/nginx/client_body_temp
–http-fastcgi-temp-path=/var/tmp/nginx/fastcgi_temp
–http-proxy-temp-path=/var/tmp/nginx/proxy_temp
–http-scgi-temp-path=/var/tmp/nginx/scgi_temp
–http-uwsgi-temp-path=/var/tmp/nginx/uwsgi_temp
–http-log-path=/var/log/nginx-access.log
–add-module=/usr/ports/www/nginx-devel/work/nginx-accesskey-2.0.3
–with-http_addition_module
–add-module=/usr/ports/www/nginx-devel/work/ngx_headers_more_module-0.14
–with-http_gzip_static_module --with-http_realip_module
–with-http_secure_link_module --with-http_ssl_module
–with-http_stub_status_module --with-http_sub_module
–add-module=/usr/ports/www/nginx-devel/work/nginx_upstream_fair-20090923
–add-module=/usr/ports/www/nginx-devel/work/nginx_upstream_hash-0.3.1
–add-module=/usr/ports/www/nginx-devel/work/ngx_http_upstream_keepalive-0.3
–with-pcre

another problem:

when use:
location ^~ /ks/admin
{
satisfy any;
allow 10.68.136.241/32;
allow 10.66.23.80/32;
deny all;
auth_basic “passwd”;
auth_basic_user_file ksadminpasswd;
}
then the 401 error page can not be customized,only show the default
401error page:

"401 Authorization Required

my conf is:

server {
listen 80;
server_name 10.66.23.112;
#charset koi8-r;
more_set_headers “Server:lhmwzy web server”;
access_log off;
root /usr/www/112/www;
index index.php index.html index.htm;
location ^~ /phpmyadmin/
{
satisfy any;
#allow 10.68.136.241;
allow 10.68.9.210;
deny all;
auth_basic “passwd”;
auth_basic_user_file ksadminpasswd;
location ~ .php$ {
fastcgi_pass 127.0.0.1:10080;
include fastcgi;
fastcgi_index index.php;
}
}

    location ~ \.php$ {
            fastcgi_pass  127.0.0.1:10080;
            include        fastcgi;
            fastcgi_index index.php;
            }

    error_page 401 403 /error/401.html;
    error_page 404 /error/404.html;
    error_page 500 502 503 504 = /error/50x.html;

}

When access phpmyadmin from 10.68.136.241, nginx can not show the
/error/401.html,but the default 401 error_page.

On Fri, Apr 08, 2011 at 12:16:34PM +0800, lhmwzy wrote:

           auth_basic_user_file ksadminpasswd;
  }

then the 401 error page can not be customized,only show the default
401error page:

"401 Authorization Required

nginx/0.9.7
".

The attached patch should fix the bug.

On Mon, Apr 11, 2011 at 02:11:58PM +0400, Igor S. wrote:

           auth_basic "passwd";

The attached patch should fix the bug.
A new better patch.

this is working…TKS

2011/4/11 Igor S. [email protected]:

this is not working…

2011/4/11 Igor S. [email protected]:

sorry,this is working too.
tks again.

2011/4/11 lhmwzy [email protected]:

I have some questions for this.but my nginx is 0.8.54,howto change .ths

Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,189160,190374#msg-190374

use this patch is not working!

Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,189160,190376#msg-190376

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs