Another auth/location question - probably very simple to fix :)

Igor Sysoev is at rambler-co.ru
Sun Aug 17 10:09:50 MSD 2008


On Sat, Aug 16, 2008 at 03:00:34PM -0700, mike wrote:

> On Sat, Aug 16, 2008 at 1:07 PM, Igor Sysoev <is at rambler-co.ru> wrote:
> 
> > Looking at code, I've found that simple should work:
> >
> >          location /wordpress/admin {
> >
> > If nginx has found maximum static match, it look inclusive static and
> > regex locations. The matched inclusive regex location stops searching.
> >
> > It seems that inclusive locations should be documented:  forgot how they
> > works :).
> 
> this works:
>                location ~ /wordpress/wp-admin.* {
>                         auth_basic "wordpress";
>                         auth_basic_user_file /home/mike/web/foo.com/.htpasswd;
>                         location ~ \.php$ {
>                                 fastcgi_pass 127.0.0.1:11000;
>                         }
>                 }
> 
> this does not:
> 
>                 location /wordpress/admin/ {
>                         auth_basic "wordpress";
>                         auth_basic_user_file /home/mike/web/foo.com/.htpasswd;
>                         location ~ \.php$ {
>                                 fastcgi_pass 127.0.0.1:11000;
>                         }
>                 }
> 
> and this is the only other location block in that server block...
> 
>                 location ~ \.php$ {
>                         fastcgi_pass 127.0.0.1:11000;
>                 }

The attached patch should fix two inclusive bugs.

If will not help, the current workaround is to use one level locations:

    location ~ /wordpress/wp-admin {
        auth
    }

    location ~ /wordpress/wp-admin/.*\.php$ {
        auth
        fastcgi
    }

    location ~ \.php$ {
        fastcgi
    }


-- 
Igor Sysoev
http://sysoev.ru/en/
-------------- next part --------------
Index: src/http/ngx_http_core_module.c
===================================================================
--- src/http/ngx_http_core_module.c	(revision 1500)
+++ src/http/ngx_http_core_module.c	(working copy)
@@ -1117,18 +1117,41 @@
 }
 
 
+/*
+ * NGX_OK                         - exact or regex match
+ * NGX_DONE                       - auto redirect
+ * NGX_AGAIN                      - inclusive match
+ * NGX_DECLINED                   - no match
+ * NGX_HTTP_INTERNAL_SERVER_ERROR - error
+ */
+
 static ngx_int_t
 ngx_http_core_find_location(ngx_http_request_t *r)
 {
     ngx_int_t                  rc;
     ngx_http_core_loc_conf_t  *pclcf;
+#if (NGX_PCRE)
+    ngx_int_t                  n;
+    ngx_uint_t                 noregex;
+    ngx_http_core_loc_conf_t  *clcf, **clcfp;
 
+    noregex = 0;
+#endif
+
     pclcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module);
 
     rc = ngx_http_core_find_static_location(r, pclcf->static_locations);
 
     if (rc == NGX_AGAIN) {
+
+#if (NGX_PCRE)
+        clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module);
+
+        noregex = clcf->noregex;
+#endif
+
         /* look up nested locations */
+
         rc = ngx_http_core_find_location(r);
     }
 
@@ -1139,14 +1162,9 @@
     /* rc == NGX_DECLINED or rc == NGX_AGAIN in nested location */
 
 #if (NGX_PCRE)
-    {
-    ngx_int_t                  n;
-    ngx_http_core_loc_conf_t  *clcf, **clcfp;
 
-    clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module);
+    if (noregex == 0 && pclcf->regex_locations) {
 
-    if (clcf->noregex == 0 && pclcf->regex_locations) {
-
         for (clcfp = pclcf->regex_locations; *clcfp; clcfp++) {
 
             ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
@@ -1172,10 +1190,11 @@
 
             /* look up nested locations */
 
-            return ngx_http_core_find_location(r);
+            (void) ngx_http_core_find_location(r);
+
+            return NGX_OK;
         }
     }
-    }
 #endif
 
     return rc;


More information about the nginx mailing list