4 messages in ru.sysoev.nginxRe: Bug in nginx?| From | Sent On | Attachments |
|---|---|---|
| Ian Hobson | Apr 17, 2011 10:26 am | |
| Vitaly Tskhovrebov | Apr 17, 2011 10:43 am | |
| Maxim Dounin | Apr 17, 2011 11:12 am | |
| Ian Hobson | Apr 17, 2011 12:35 pm |
| Subject: | Re: Bug in nginx? | |
|---|---|---|
| From: | Maxim Dounin (mdou...@mdounin.ru) | |
| Date: | Apr 17, 2011 11:12:06 am | |
| List: | ru.sysoev.nginx | |
Hello!
On Sun, Apr 17, 2011 at 06:26:56PM +0100, Ian Hobson wrote:
Hi,
I'm still using Nginx 0.7.67 and I think I have found a minor bug.
In my config files, for one domain I have entries like this to protect two directories.
location /secret { index index.html auth_basic "Please login";
This syntactically correct and defines three possible index files: "index.html", "auth_basic" and "Please login".
auth_basic_user_file /path/to/passwordfile
Note this doesn't have ";" as well and will make config syntactially incorrect. You won't be able to start nginx such config, but I assume this is artifact introduced during writing this message.
}
location /private { auth_basic "Hello, Please login"; authObasic_user_file /path/to/passwordfile; if () etc
Note the second line above has no trailing semi-colon.
The result is that /secret is not protected (although /private is).
The bug is that when nginx is restarted, it announces that the config file is valid, when it isn't, (so the problem was not detected for many months).
The problem is that config file is actually valid. It's not really possible to detect such configuration errors as long as resulting construct is valid.
Maxim Dounin
_______________________________________________ nginx mailing list ngi...@nginx.org http://nginx.org/mailman/listinfo/nginx