Re: Igor any change auth_basic_user_file can accept the new regex stuff?

classic Classic list List threaded Threaded
10 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Igor any change auth_basic_user_file can accept the new regex stuff?

Igor Sysoev
On Thu, Mar 12, 2009 at 10:25:14AM -0700, mike wrote:

> i.e.:
>
> location ~* ^/foo/private/(.*) {
>    alias /home/foo/web/private/$1/;
>    auth_basic "Restricted files";
>    auth_basic_user_file /home/foo/web/private/$1/.htpasswd;
> }
>
> Thank you so much for your time and effort in nginx! Hopefully this is
> pretty trivial.

There's patch by Kirill A. Korinskiy in Russian mailing list, that
allows variables in auth_basic_user_file. I will look it and if it's good,
will include it.


--
Igor Sysoev
http://sysoev.ru/en/

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Igor any change auth_basic_user_file can accept the new regex stuff?

Michael Shadle
Yes please!

Thanks :)

On Thu, Mar 12, 2009 at 12:54 PM, Igor Sysoev <[hidden email]> wrote:

> On Thu, Mar 12, 2009 at 10:25:14AM -0700, mike wrote:
>
>> i.e.:
>>
>> location ~* ^/foo/private/(.*) {
>>    alias /home/foo/web/private/$1/;
>>    auth_basic "Restricted files";
>>    auth_basic_user_file /home/foo/web/private/$1/.htpasswd;
>> }
>>
>> Thank you so much for your time and effort in nginx! Hopefully this is
>> pretty trivial.
>
> There's patch by Kirill A. Korinskiy in Russian mailing list, that
> allows variables in auth_basic_user_file. I will look it and if it's good,
> will include it.
>
>
> --
> Igor Sysoev
> http://sysoev.ru/en/
>
>

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Igor any change auth_basic_user_file can accept the new regex stuff?

Igor Sysoev
On Thu, Mar 12, 2009 at 01:26:07PM -0700, mike wrote:

> Yes please!

The patch.

> Thanks :)
>
> On Thu, Mar 12, 2009 at 12:54 PM, Igor Sysoev <[hidden email]> wrote:
> > On Thu, Mar 12, 2009 at 10:25:14AM -0700, mike wrote:
> >
> >> i.e.:
> >>
> >> location ~* ^/foo/private/(.*) {
> >>    alias /home/foo/web/private/$1/;
> >>    auth_basic "Restricted files";
> >>    auth_basic_user_file /home/foo/web/private/$1/.htpasswd;
> >> }
> >>
> >> Thank you so much for your time and effort in nginx! Hopefully this is
> >> pretty trivial.
> >
> > There's patch by Kirill A. Korinskiy in Russian mailing list, that
> > allows variables in auth_basic_user_file. I will look it and if it's good,
> > will include it.
> >
> >
> > --
> > Igor Sysoev
> > http://sysoev.ru/en/
> >
> >
--
Igor Sysoev
http://sysoev.ru/en/

patch.user_file (5K) Download Attachment
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Igor any change auth_basic_user_file can accept the new regex stuff?

Michael Shadle
Igor, and the original author of the patch - you guys rock. Thank you.
This actually solves a problem I tried months ago and had to write
some custom script which sucked. Now, my users can use this without
having to ask me to re-run the script.

Seems to work like a charm and it allows for infinitely deep recursion

/foo/ works
/foo/a/b/c/ works

etc.

It does suck that nginx throws a 500 internal server error when no
.htpasswd exists.

Could there be a way with this dynamic auth_basic_user_file thing that
it just issues a 403 instead of a 500?


2009/3/14 Igor Sysoev <[hidden email]>:

> On Thu, Mar 12, 2009 at 01:26:07PM -0700, mike wrote:
>
>> Yes please!
>
> The patch.
>
>> Thanks :)
>>
>> On Thu, Mar 12, 2009 at 12:54 PM, Igor Sysoev <[hidden email]> wrote:
>> > On Thu, Mar 12, 2009 at 10:25:14AM -0700, mike wrote:
>> >
>> >> i.e.:
>> >>
>> >> location ~* ^/foo/private/(.*) {
>> >>    alias /home/foo/web/private/$1/;
>> >>    auth_basic "Restricted files";
>> >>    auth_basic_user_file /home/foo/web/private/$1/.htpasswd;
>> >> }
>> >>
>> >> Thank you so much for your time and effort in nginx! Hopefully this is
>> >> pretty trivial.
>> >
>> > There's patch by Kirill A. Korinskiy in Russian mailing list, that
>> > allows variables in auth_basic_user_file. I will look it and if it's good,
>> > will include it.
>> >
>> >
>> > --
>> > Igor Sysoev
>> > http://sysoev.ru/en/
>> >
>> >
>
> --
> Igor Sysoev
> http://sysoev.ru/en/
>

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Igor any change auth_basic_user_file can accept the new regex stuff?

Michael Shadle
Sorry - but adds a log in nginx.log (not sure which - maybe 'error'
maybe 'notice') that says /home/foo/web/.htpasswd does not exist

On Sat, Mar 14, 2009 at 10:26 AM, mike <[hidden email]> wrote:

> Igor, and the original author of the patch - you guys rock. Thank you.
> This actually solves a problem I tried months ago and had to write
> some custom script which sucked. Now, my users can use this without
> having to ask me to re-run the script.
>
> Seems to work like a charm and it allows for infinitely deep recursion
>
> /foo/ works
> /foo/a/b/c/ works
>
> etc.
>
> It does suck that nginx throws a 500 internal server error when no
> .htpasswd exists.
>
> Could there be a way with this dynamic auth_basic_user_file thing that
> it just issues a 403 instead of a 500?
>
>
> 2009/3/14 Igor Sysoev <[hidden email]>:
>> On Thu, Mar 12, 2009 at 01:26:07PM -0700, mike wrote:
>>
>>> Yes please!
>>
>> The patch.
>>
>>> Thanks :)
>>>
>>> On Thu, Mar 12, 2009 at 12:54 PM, Igor Sysoev <[hidden email]> wrote:
>>> > On Thu, Mar 12, 2009 at 10:25:14AM -0700, mike wrote:
>>> >
>>> >> i.e.:
>>> >>
>>> >> location ~* ^/foo/private/(.*) {
>>> >>    alias /home/foo/web/private/$1/;
>>> >>    auth_basic "Restricted files";
>>> >>    auth_basic_user_file /home/foo/web/private/$1/.htpasswd;
>>> >> }
>>> >>
>>> >> Thank you so much for your time and effort in nginx! Hopefully this is
>>> >> pretty trivial.
>>> >
>>> > There's patch by Kirill A. Korinskiy in Russian mailing list, that
>>> > allows variables in auth_basic_user_file. I will look it and if it's good,
>>> > will include it.
>>> >
>>> >
>>> > --
>>> > Igor Sysoev
>>> > http://sysoev.ru/en/
>>> >
>>> >
>>
>> --
>> Igor Sysoev
>> http://sysoev.ru/en/
>>
>

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Igor any change auth_basic_user_file can accept the new regex stuff?

Igor Sysoev
On Sat, Mar 14, 2009 at 10:27:28AM -0700, mike wrote:

> Sorry - but adds a log in nginx.log (not sure which - maybe 'error'
> maybe 'notice') that says /home/foo/web/.htpasswd does not exist

Currently it says

[crit] 52208#0: *1 open() "..." failed (2: No such file or directory)

Probably it should be lower to error level.

> On Sat, Mar 14, 2009 at 10:26 AM, mike <[hidden email]> wrote:
> > Igor, and the original author of the patch - you guys rock. Thank you.
> > This actually solves a problem I tried months ago and had to write
> > some custom script which sucked. Now, my users can use this without
> > having to ask me to re-run the script.
> >
> > Seems to work like a charm and it allows for infinitely deep recursion
> >
> > /foo/ works
> > /foo/a/b/c/ works
> >
> > etc.
> >
> > It does suck that nginx throws a 500 internal server error when no
> > .htpasswd exists.
> >
> > Could there be a way with this dynamic auth_basic_user_file thing that
> > it just issues a 403 instead of a 500?
> >
> >
> > 2009/3/14 Igor Sysoev <[hidden email]>:
> >> On Thu, Mar 12, 2009 at 01:26:07PM -0700, mike wrote:
> >>
> >>> Yes please!
> >>
> >> The patch.
> >>
> >>> Thanks :)
> >>>
> >>> On Thu, Mar 12, 2009 at 12:54 PM, Igor Sysoev <[hidden email]> wrote:
> >>> > On Thu, Mar 12, 2009 at 10:25:14AM -0700, mike wrote:
> >>> >
> >>> >> i.e.:
> >>> >>
> >>> >> location ~* ^/foo/private/(.*) {
> >>> >>    alias /home/foo/web/private/$1/;
> >>> >>    auth_basic "Restricted files";
> >>> >>    auth_basic_user_file /home/foo/web/private/$1/.htpasswd;
> >>> >> }
> >>> >>
> >>> >> Thank you so much for your time and effort in nginx! Hopefully this is
> >>> >> pretty trivial.
> >>> >
> >>> > There's patch by Kirill A. Korinskiy in Russian mailing list, that
> >>> > allows variables in auth_basic_user_file. I will look it and if it's good,
> >>> > will include it.
> >>> >
> >>> >
> >>> > --
> >>> > Igor Sysoev
> >>> > http://sysoev.ru/en/
> >>> >
> >>> >
> >>
> >> --
> >> Igor Sysoev
> >> http://sysoev.ru/en/
> >>
> >

--
Igor Sysoev
http://sysoev.ru/en/

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Igor any change auth_basic_user_file can accept the new regex stuff?

Igor Sysoev
In reply to this post by Michael Shadle
On Sat, Mar 14, 2009 at 10:26:50AM -0700, mike wrote:

> Igor, and the original author of the patch - you guys rock. Thank you.
> This actually solves a problem I tried months ago and had to write
> some custom script which sucked. Now, my users can use this without
> having to ask me to re-run the script.
>
> Seems to work like a charm and it allows for infinitely deep recursion
>
> /foo/ works
> /foo/a/b/c/ works
>
> etc.
>
> It does suck that nginx throws a 500 internal server error when no
> .htpasswd exists.
>
> Could there be a way with this dynamic auth_basic_user_file thing that
> it just issues a 403 instead of a 500?

Probably 403 should be return in both cases (static and dynamic) if error
is file not found.

>
> 2009/3/14 Igor Sysoev <[hidden email]>:
> > On Thu, Mar 12, 2009 at 01:26:07PM -0700, mike wrote:
> >
> >> Yes please!
> >
> > The patch.
> >
> >> Thanks :)
> >>
> >> On Thu, Mar 12, 2009 at 12:54 PM, Igor Sysoev <[hidden email]> wrote:
> >> > On Thu, Mar 12, 2009 at 10:25:14AM -0700, mike wrote:
> >> >
> >> >> i.e.:
> >> >>
> >> >> location ~* ^/foo/private/(.*) {
> >> >>    alias /home/foo/web/private/$1/;
> >> >>    auth_basic "Restricted files";
> >> >>    auth_basic_user_file /home/foo/web/private/$1/.htpasswd;
> >> >> }
> >> >>
> >> >> Thank you so much for your time and effort in nginx! Hopefully this is
> >> >> pretty trivial.
> >> >
> >> > There's patch by Kirill A. Korinskiy in Russian mailing list, that
> >> > allows variables in auth_basic_user_file. I will look it and if it's good,
> >> > will include it.
> >> >
> >> >
> >> > --
> >> > Igor Sysoev
> >> > http://sysoev.ru/en/
> >> >
> >> >
> >
> > --
> > Igor Sysoev
> > http://sysoev.ru/en/
> >

--
Igor Sysoev
http://sysoev.ru/en/

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Igor any change auth_basic_user_file can accept the new regex stuff?

Michael Shadle
2009/3/14 Igor Sysoev <[hidden email]>:

> Probably 403 should be return in both cases (static and dynamic) if error
> is file not found.

That is fine with me. I was going to recommend that but thought it
might be a bit incorrect. Since htpasswd stuff -is- required to be
configured on the server level, it is sort of a server error if it's
pointing to the wrong file. However, the users can control the files a
lot of the time and remove them...

As long as there is a simple to read error log entry for it, that
works. Right now a 404 throws an "error" - shouldn't that be more like
a "notice" ?

This missing file should be an error as it has more to do with server
configuration. But me randomly typing in /ekfhskdfdskhfs into a site
should not raise an "error" level:

2009/03/14 11:20:25 [error] 32217#0: *1 open()
"/home/mike/web/192.168.1.3/fds" failed (2: No such file or
directory), client: 192.168.1.2, server: 192.168.1.3, request: "GET
/fds HTTP/1.1", host: "192.168.1.3"

IMHO it should be less important for a 404 :)

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Igor any change auth_basic_user_file can accept the new regex stuff?

Igor Sysoev
On Sat, Mar 14, 2009 at 11:22:06AM -0700, mike wrote:

> 2009/3/14 Igor Sysoev <[hidden email]>:
>
> > Probably 403 should be return in both cases (static and dynamic) if error
> > is file not found.
>
> That is fine with me. I was going to recommend that but thought it
> might be a bit incorrect. Since htpasswd stuff -is- required to be
> configured on the server level, it is sort of a server error if it's
> pointing to the wrong file. However, the users can control the files a
> lot of the time and remove them...
>
> As long as there is a simple to read error log entry for it, that
> works. Right now a 404 throws an "error" - shouldn't that be more like
> a "notice" ?
>
> This missing file should be an error as it has more to do with server
> configuration. But me randomly typing in /ekfhskdfdskhfs into a site
> should not raise an "error" level:
>
> 2009/03/14 11:20:25 [error] 32217#0: *1 open()
> "/home/mike/web/192.168.1.3/fds" failed (2: No such file or
> directory), client: 192.168.1.2, server: 192.168.1.3, request: "GET
> /fds HTTP/1.1", host: "192.168.1.3"
>
> IMHO it should be less important for a 404 :)

The error level is done as in Apache. There is no simple way to tell
broken link from mistype/etc.


--
Igor Sysoev
http://sysoev.ru/en/

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Igor any change auth_basic_user_file can accept the new regex stuff?

Michael Shadle
correct, but why would that be an 'error'

an 'error' to me is something that the server needs to be reconfigured
for. this could be simple human error. it could also require server
tweaks to make it work too, but i guess you're right.

On Sat, Mar 14, 2009 at 12:46 PM, Igor Sysoev <[hidden email]> wrote:

> On Sat, Mar 14, 2009 at 11:22:06AM -0700, mike wrote:
>
>> 2009/3/14 Igor Sysoev <[hidden email]>:
>>
>> > Probably 403 should be return in both cases (static and dynamic) if error
>> > is file not found.
>>
>> That is fine with me. I was going to recommend that but thought it
>> might be a bit incorrect. Since htpasswd stuff -is- required to be
>> configured on the server level, it is sort of a server error if it's
>> pointing to the wrong file. However, the users can control the files a
>> lot of the time and remove them...
>>
>> As long as there is a simple to read error log entry for it, that
>> works. Right now a 404 throws an "error" - shouldn't that be more like
>> a "notice" ?
>>
>> This missing file should be an error as it has more to do with server
>> configuration. But me randomly typing in /ekfhskdfdskhfs into a site
>> should not raise an "error" level:
>>
>> 2009/03/14 11:20:25 [error] 32217#0: *1 open()
>> "/home/mike/web/192.168.1.3/fds" failed (2: No such file or
>> directory), client: 192.168.1.2, server: 192.168.1.3, request: "GET
>> /fds HTTP/1.1", host: "192.168.1.3"
>>
>> IMHO it should be less important for a 404 :)
>
> The error level is done as in Apache. There is no simple way to tell
> broken link from mistype/etc.
>
>
> --
> Igor Sysoev
> http://sysoev.ru/en/
>
>

Loading...