[nginx] Fixed "satisfy any" if 403 is returned after 401 (ticket...

Maxim Dounin mdounin at mdounin.ru
Fri Oct 18 14:16:05 UTC 2013


details:   http://hg.nginx.org/nginx/rev/fcecb9c6a057
branches:  
changeset: 5428:fcecb9c6a057
user:      Maxim Dounin <mdounin at mdounin.ru>
date:      Fri Oct 18 18:13:49 2013 +0400
description:
Fixed "satisfy any" if 403 is returned after 401 (ticket #285).

The 403 (Forbidden) should not overwrite 401 (Unauthorized) as the
latter should be returned with the WWW-Authenticate header to request
authentication by a client.

The problem could be triggered with 3rd party modules and the "deny"
directive, or with auth_basic and auth_request which returns 403
(in 1.5.4+).

Patch by Jan Marc Hoffmann.

diffstat:

 src/http/ngx_http_core_module.c |  4 +++-
 1 files changed, 3 insertions(+), 1 deletions(-)

diffs (14 lines):

diff --git a/src/http/ngx_http_core_module.c b/src/http/ngx_http_core_module.c
--- a/src/http/ngx_http_core_module.c
+++ b/src/http/ngx_http_core_module.c
@@ -1144,7 +1144,9 @@ ngx_http_core_access_phase(ngx_http_requ
         }
 
         if (rc == NGX_HTTP_FORBIDDEN || rc == NGX_HTTP_UNAUTHORIZED) {
-            r->access_code = rc;
+            if (r->access_code != NGX_HTTP_UNAUTHORIZED) {
+                r->access_code = rc;
+            }
 
             r->phase_handler++;
             return NGX_AGAIN;
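Review bot: the new guard around `r->access_code = rc;` carries no comment, so the reason a stored NGX_HTTP_UNAUTHORIZED must survive a later NGX_HTTP_FORBIDDEN is recorded only in the commit message. A one-line comment above `if (r->access_code != NGX_HTTP_UNAUTHORIZED) {` saying that 401 is kept so the response is sent with WWW-Authenticate would stop the precedence rule from being simplified away later. The comment should also state that once any handler has returned 401, every later 401 or 403 in this phase leaves access_code unchanged, since that stickiness is the behavioural change here and it does not depend on handler order.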


