ПРОЕКТЫ 


  АРХИВ 


Apache-Talk @lexa.ru 

Inet-Admins @info.east.ru 

Filmscanners @halftone.co.uk 

Security-alerts @yandex-team.ru 

nginx-ru @sysoev.ru 


  СТАТЬИ 


  ПЕРСОНАЛЬНОЕ 


  ПРОГРАММЫ 



ПИШИТЕ
ПИСЬМА












     АРХИВ :: nginx-ru
Nginx-ru mailing list archive (nginx-ru@sysoev.ru)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: проблема с satisfy any;



On Fri, Sep 18, 2009 at 03:12:03PM +0300, Andrew Sitnikov wrote:

> Hello Igor,
> 
> Friday, September 18, 2009, 2:42:53 PM, you wrote:
> 
> IS> On Fri, Sep 18, 2009 at 02:08:12PM +0300, Andrew Sitnikov wrote:
> 
> >> Hello Igor,
> >> 
> >> Friday, September 18, 2009, 1:03:31 PM, you wrote:
> >> 
> >> IS> On Fri, Sep 18, 2009 at 12:49:50PM +0300, Andrew Sitnikov wrote:
> >> 
> >> >> Hello Igor,
> >> >> 
> >> >> IS> У меня эта конфигурация на 0.7.62 выдало такое:
> >> >> IS> 2009/09/18 11:37:38 [debug] 98153#0: *1 access phase: 8
> >> >> IS> 2009/09/18 11:37:38 [debug] 98153#0: *1 access: 935A1351 FFFFFFFF 
> >> >> 04030201
> >> >> IS> 2009/09/18 11:37:38 [debug] 98153#0: *1 access: 935A1351 00000000 
> >> >> 00000000
> >> >> IS> 2009/09/18 11:37:38 [debug] 98153#0: *1 access phase: 9
> >> >> IS> 2009/09/18 11:37:38 [error] 98153#0: *1 no user/password was
> >> >> IS> provided for basic authentication, ...
> >> >> IS> 2009/09/18 11:37:38 [debug] 98153#0: *1 post access phase: 10
> >> >> 
> >> >> IS> Есть ощущение, что не собран один из модулей - 
> >> >> ngx_http_access_module
> >> >> IS> или ngx_http_auth_basic_module. Что показывает "nginx -t" ?
> >> >> если  убрать  satisfy  то  сработает  deny. если убрать еще и deny то
> >> >> сработает auth. так что модули все на месте.
> >> 
> >> IS> Как выглядит лог без satisfy и deny, но с ошибкой в auth в районе
> >> IS>     access phase
> >> 2009/09/18 14:07:31 [debug] 15675#0: *2 event timer del: 10: 1253272111197
> >> 2009/09/18 14:07:31 [debug] 15675#0: *2 generic phase: 0
> >> 2009/09/18 14:07:31 [debug] 15675#0: *2 add cleanup: 0000000014FF5148
> >> 2009/09/18 14:07:31 [debug] 15675#0: *2 generic phase: 1
> >> 2009/09/18 14:07:31 [debug] 15675#0: *2 test location: "/"
> >> 2009/09/18 14:07:31 [debug] 15675#0: *2 using configuration "/"
> >> 2009/09/18 14:07:31 [debug] 15675#0: *2 http cl:-1 max:1048576
> >> 2009/09/18 14:07:31 [debug] 15675#0: *2 generic phase: 3
> >> 2009/09/18 14:07:31 [debug] 15675#0: *2 post rewrite phase: 4
> >> 2009/09/18 14:07:31 [debug] 15675#0: *2 generic phase: 5
> >> 2009/09/18 14:07:31 [debug] 15675#0: *2 add cleanup: 0000000014FF5180
> >> 2009/09/18 14:07:31 [debug] 15675#0: *2 generic phase: 6
> >> 2009/09/18 14:07:31 [debug] 15675#0: *2 generic phase: 7
> >> 2009/09/18 14:07:31 [debug] 15675#0: *2 access phase: 8
> >> 2009/09/18 14:07:31 [debug] 15675#0: *2 access phase: 9
> >> 2009/09/18 14:07:31 [debug] 15675#0: *2 access phase: 10
> >> 2009/09/18 14:07:31 [error] 15675#0: *2 no user/password was provided for 
> >> basic authentication, client: 212.7.1.2, server: si.infonet.ee, request: 
> >> "GET / HTTP/1.1", host: "si.infonet.ee:8000"
> >> 2009/09/18 14:07:31 [debug] 15675#0: *2 http finalize request: 401, "/?" 1
> >> 2009/09/18 14:07:31 [debug] 15675#0: *2 http special response: 401, "/?"
> >> 2009/09/18 14:07:31 [debug] 15675#0: *2 http set discard body
> >> 2009/09/18 14:07:31 [debug] 15675#0: *2 HTTP/1.1 401 Unauthorized
> 
> IS> Я правильно понимаю, что конфиг, приведённый в самом первом письме полный 
> ?
> да. он короткий.
> 
> user  wwwrun www;
> worker_processes  1;
> 
> error_log  /var/log/nginx/error.log;
> pid        /var/run/nginx.pid;
> 
> events {
>     worker_connections  1024;
>         debug_connection 212.7.1.2;
> }
> 
> 
> http {
>     include       /etc/nginx/mime.types;
>     default_type  application/octet-stream;
> 
>     sendfile  on;
>     gzip  on;
> 
>     server {
>         listen  8000;
> 
>             satisfy any;
>                 #allow 1.2.3.4/32;
>             deny all;
>                                                                               
>                                                                
>             auth_basic "Restricted Zone";                                     
>                                                                        
>             auth_basic_user_file  /etc/nginx/.htpasswd;
>     
>             location / {
>             root   /var/www/nginx/htdocs;
>             index  index.html;
>         }
>     }
> }

То что, deny не проверяется, похоже на ipv6.
А вот с "satisfy any" пока не понятно.


-- 
Игорь Сысоев
http://sysoev.ru



 




Copyright © Lexa Software, 1996-2009.