Nginx-ru mailing list archive (nginx-ru@sysoev.ru)
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: проблема с satisfy any;
On Fri, Sep 18, 2009 at 03:12:03PM +0300, Andrew Sitnikov wrote:
> Hello Igor,
>
> Friday, September 18, 2009, 2:42:53 PM, you wrote:
>
> IS> On Fri, Sep 18, 2009 at 02:08:12PM +0300, Andrew Sitnikov wrote:
>
> >> Hello Igor,
> >>
> >> Friday, September 18, 2009, 1:03:31 PM, you wrote:
> >>
> >> IS> On Fri, Sep 18, 2009 at 12:49:50PM +0300, Andrew Sitnikov wrote:
> >>
> >> >> Hello Igor,
> >> >>
> >> >> IS> У меня эта конфигурация на 0.7.62 выдало такое:
> >> >> IS> 2009/09/18 11:37:38 [debug] 98153#0: *1 access phase: 8
> >> >> IS> 2009/09/18 11:37:38 [debug] 98153#0: *1 access: 935A1351 FFFFFFFF
> >> >> 04030201
> >> >> IS> 2009/09/18 11:37:38 [debug] 98153#0: *1 access: 935A1351 00000000
> >> >> 00000000
> >> >> IS> 2009/09/18 11:37:38 [debug] 98153#0: *1 access phase: 9
> >> >> IS> 2009/09/18 11:37:38 [error] 98153#0: *1 no user/password was
> >> >> IS> provided for basic authentication, ...
> >> >> IS> 2009/09/18 11:37:38 [debug] 98153#0: *1 post access phase: 10
> >> >>
> >> >> IS> Есть ощущение, что не собран один из модулей -
> >> >> ngx_http_access_module
> >> >> IS> или ngx_http_auth_basic_module. Что показывает "nginx -t" ?
> >> >> если убрать satisfy то сработает deny. если убрать еще и deny то
> >> >> сработает auth. так что модули все на месте.
> >>
> >> IS> Как выглядит лог без satisfy и deny, но с ошибкой в auth в районе
> >> IS> access phase
> >> 2009/09/18 14:07:31 [debug] 15675#0: *2 event timer del: 10: 1253272111197
> >> 2009/09/18 14:07:31 [debug] 15675#0: *2 generic phase: 0
> >> 2009/09/18 14:07:31 [debug] 15675#0: *2 add cleanup: 0000000014FF5148
> >> 2009/09/18 14:07:31 [debug] 15675#0: *2 generic phase: 1
> >> 2009/09/18 14:07:31 [debug] 15675#0: *2 test location: "/"
> >> 2009/09/18 14:07:31 [debug] 15675#0: *2 using configuration "/"
> >> 2009/09/18 14:07:31 [debug] 15675#0: *2 http cl:-1 max:1048576
> >> 2009/09/18 14:07:31 [debug] 15675#0: *2 generic phase: 3
> >> 2009/09/18 14:07:31 [debug] 15675#0: *2 post rewrite phase: 4
> >> 2009/09/18 14:07:31 [debug] 15675#0: *2 generic phase: 5
> >> 2009/09/18 14:07:31 [debug] 15675#0: *2 add cleanup: 0000000014FF5180
> >> 2009/09/18 14:07:31 [debug] 15675#0: *2 generic phase: 6
> >> 2009/09/18 14:07:31 [debug] 15675#0: *2 generic phase: 7
> >> 2009/09/18 14:07:31 [debug] 15675#0: *2 access phase: 8
> >> 2009/09/18 14:07:31 [debug] 15675#0: *2 access phase: 9
> >> 2009/09/18 14:07:31 [debug] 15675#0: *2 access phase: 10
> >> 2009/09/18 14:07:31 [error] 15675#0: *2 no user/password was provided for
> >> basic authentication, client: 212.7.1.2, server: si.infonet.ee, request:
> >> "GET / HTTP/1.1", host: "si.infonet.ee:8000"
> >> 2009/09/18 14:07:31 [debug] 15675#0: *2 http finalize request: 401, "/?" 1
> >> 2009/09/18 14:07:31 [debug] 15675#0: *2 http special response: 401, "/?"
> >> 2009/09/18 14:07:31 [debug] 15675#0: *2 http set discard body
> >> 2009/09/18 14:07:31 [debug] 15675#0: *2 HTTP/1.1 401 Unauthorized
>
> IS> Я правильно понимаю, что конфиг, приведённый в самом первом письме полный
> ?
> да. он короткий.
>
> user wwwrun www;
> worker_processes 1;
>
> error_log /var/log/nginx/error.log;
> pid /var/run/nginx.pid;
>
> events {
> worker_connections 1024;
> debug_connection 212.7.1.2;
> }
>
>
> http {
> include /etc/nginx/mime.types;
> default_type application/octet-stream;
>
> sendfile on;
> gzip on;
>
> server {
> listen 8000;
>
> satisfy any;
> #allow 1.2.3.4/32;
> deny all;
>
>
> auth_basic "Restricted Zone";
>
> auth_basic_user_file /etc/nginx/.htpasswd;
>
> location / {
> root /var/www/nginx/htdocs;
> index index.html;
> }
> }
> }
То что, deny не проверяется, похоже на ipv6.
А вот с "satisfy any" пока не понятно.
--
Игорь Сысоев
http://sysoev.ru
|
