in 0.9.7
use:
location ^~ /ks/admin
{
satisfy any;
allow 10.68.136.241/32;
allow 10.66.23.80/32;
deny all;
auth_basic "passwd";
auth_basic_user_file ksadminpasswd;
}
when IP is not 10.68.136.241 or 10.66.23.80, people can still visit
/ks/admin,not prompt for user and passwd.
Is this a bug?
lhmwzy
April 7, 2011, 7:01pm
2
On Thu, Apr 07, 2011 at 11:52:09PM +0800, lhmwzy wrote:
Hi there,
when IP is not 10.68.136.241 or 10.66.23.80, people can still visit
/ks/admin,not prompt for user and passwd.
When I test that, I get the http 401 password challenge that I expect.
So I don’t see the problem.
What does your debug log say?
f
Francis D. [email protected]
lhmwzy
April 7, 2011, 8:28pm
3
On 7 April 2011 17:52, lhmwzy [email protected] wrote:
auth_basic_user_file ksadminpasswd;
}
when IP is not 10.68.136.241 or 10.66.23.80, people can still visit
/ks/admin,not prompt for user and passwd.
Is this a bug?
Don’t you want satisfy all ?
lhmwzy
April 8, 2011, 1:52am
4
I have found the reason:
when install the module named nginx-accesskey-2.0.3,then the bug will
appear.
lhmwzy
April 8, 2011, 2:09am
5
Today Apr 8, 2011 at 07:52 lhmwzy wrote:
I have found the reason:
when install the module named nginx-accesskey-2.0.3,then the bug will appear.
It return NGX_OK when not configured.
Fix:
— …/nginx-accesskey-2.0.3/ngx_http_accesskey_module.c.orig
2007-12-30
+++ …/nginx-accesskey-2.0.3/ngx_http_accesskey_module.c
2010-07-18
@@ -125,7 +125,7 @@
alcf = ngx_http_get_module_loc_conf(r, ngx_http_accesskey_module);
if (!alcf->enable) {
lhmwzy
April 8, 2011, 1:53am
6
nginx -V without nginx-accesskey-2.0.3
nginx: configure arguments: --prefix=/usr/local/etc/nginx
–with-cc-opt=’-I /usr/local/include’ --with-ld-opt=’-L
/usr/local/lib’ --conf-path=/usr/local/etc/nginx/nginx.conf
–sbin-path=/usr/local/sbin/nginx --pid-path=/var/run/nginx.pid
–error-log-path=/var/log/nginx-error.log --user=www --group=www
–http-client-body-temp-path=/var/tmp/nginx/client_body_temp
–http-fastcgi-temp-path=/var/tmp/nginx/fastcgi_temp
–http-proxy-temp-path=/var/tmp/nginx/proxy_temp
–http-scgi-temp-path=/var/tmp/nginx/scgi_temp
–http-uwsgi-temp-path=/var/tmp/nginx/uwsgi_temp
–http-log-path=/var/log/nginx-access.log --with-http_addition_module
–add-module=/usr/ports/www/nginx-devel/work/ngx_headers_more_module-0.14
–with-http_gzip_static_module --with-http_realip_module
–with-http_secure_link_module --with-http_ssl_module
–with-http_stub_status_module --with-http_sub_module
–add-module=/usr/ports/www/nginx-devel/work/nginx_upstream_fair-20090923
–add-module=/usr/ports/www/nginx-devel/work/nginx_upstream_hash-0.3.1
–add-module=/usr/ports/www/nginx-devel/work/ngx_http_upstream_keepalive-0.3
–with-pcre
nginx -V with nginx-accesskey-2.0.3
nginx: configure arguments: --prefix=/usr/local/etc/nginx
–with-cc-opt=’-I /usr/local/include’ --with-ld-opt=’-L
/usr/local/lib’ --conf-path=/usr/local/etc/nginx/nginx.conf
–sbin-path=/usr/local/sbin/nginx --pid-path=/var/run/nginx.pid
–error-log-path=/var/log/nginx-error.log --user=www --group=www
–http-client-body-temp-path=/var/tmp/nginx/client_body_temp
–http-fastcgi-temp-path=/var/tmp/nginx/fastcgi_temp
–http-proxy-temp-path=/var/tmp/nginx/proxy_temp
–http-scgi-temp-path=/var/tmp/nginx/scgi_temp
–http-uwsgi-temp-path=/var/tmp/nginx/uwsgi_temp
–http-log-path=/var/log/nginx-access.log
–add-module=/usr/ports/www/nginx-devel/work/nginx-accesskey-2.0.3
–with-http_addition_module
–add-module=/usr/ports/www/nginx-devel/work/ngx_headers_more_module-0.14
–with-http_gzip_static_module --with-http_realip_module
–with-http_secure_link_module --with-http_ssl_module
–with-http_stub_status_module --with-http_sub_module
–add-module=/usr/ports/www/nginx-devel/work/nginx_upstream_fair-20090923
–add-module=/usr/ports/www/nginx-devel/work/nginx_upstream_hash-0.3.1
–add-module=/usr/ports/www/nginx-devel/work/ngx_http_upstream_keepalive-0.3
–with-pcre
lhmwzy
April 8, 2011, 6:17am
7
another problem:
when use:
location ^~ /ks/admin
{
satisfy any;
allow 10.68.136.241/32;
allow 10.66.23.80/32;
deny all;
auth_basic “passwd”;
auth_basic_user_file ksadminpasswd;
}
then the 401 error page can not be customized,only show the default
401error page:
"401 Authorization Required
lhmwzy
April 8, 2011, 6:56am
8
my conf is:
server {
listen 80;
server_name 10.66.23.112;
#charset koi8-r;
more_set_headers “Server:lhmwzy web server”;
access_log off;
root /usr/www/112/www;
index index.php index.html index.htm;
location ^~ /phpmyadmin/
{
satisfy any;
#allow 10.68.136.241;
allow 10.68.9.210;
deny all;
auth_basic “passwd”;
auth_basic_user_file ksadminpasswd;
location ~ .php$ {
fastcgi_pass 127.0.0.1:10080;
include fastcgi;
fastcgi_index index.php;
}
}
location ~ \.php$ {
fastcgi_pass 127.0.0.1:10080;
include fastcgi;
fastcgi_index index.php;
}
error_page 401 403 /error/401.html;
error_page 404 /error/404.html;
error_page 500 502 503 504 = /error/50x.html;
}
When access phpmyadmin from 10.68.136.241, nginx can not show the
/error/401.html,but the default 401 error_page.
lhmwzy
April 11, 2011, 12:12pm
9
On Fri, Apr 08, 2011 at 12:16:34PM +0800, lhmwzy wrote:
auth_basic_user_file ksadminpasswd;
}
then the 401 error page can not be customized,only show the default
401error page:
"401 Authorization Required
nginx/0.9.7
".
The attached patch should fix the bug.
lhmwzy
April 11, 2011, 12:20pm
10
On Mon, Apr 11, 2011 at 02:11:58PM +0400, Igor S. wrote:
auth_basic "passwd";
The attached patch should fix the bug.
A new better patch.
lhmwzy
April 11, 2011, 4:51pm
11
this is working…TKS
2011/4/11 Igor S. [email protected] :
lhmwzy
April 11, 2011, 4:50pm
12
this is not working…
2011/4/11 Igor S. [email protected] :
lhmwzy
April 11, 2011, 5:01pm
13
sorry,this is working too.
tks again.
2011/4/11 lhmwzy [email protected] :
lhmwzy
April 12, 2011, 4:20am
14
I have some questions for this.but my nginx is 0.8.54,howto change .ths
Posted at Nginx Forum:
lhmwzy
April 12, 2011, 4:30am
15
use this patch is not working!
Posted at Nginx Forum: