Igor any change auth_basic_user_file can accept the new regex stuff?

Igor Sysoev is at rambler-co.ru
Sat Mar 14 22:46:55 MSK 2009


On Sat, Mar 14, 2009 at 11:22:06AM -0700, mike wrote:

> 2009/3/14 Igor Sysoev <is at rambler-co.ru>:
> 
> > Probably 403 should be return in both cases (static and dynamic) if error
> > is file not found.
> 
> That is fine with me. I was going to recommend that but thought it
> might be a bit incorrect. Since htpasswd stuff -is- required to be
> configured on the server level, it is sort of a server error if it's
> pointing to the wrong file. However, the users can control the files a
> lot of the time and remove them...
> 
> As long as there is a simple to read error log entry for it, that
> works. Right now a 404 throws an "error" - shouldn't that be more like
> a "notice" ?
> 
> This missing file should be an error as it has more to do with server
> configuration. But me randomly typing in /ekfhskdfdskhfs into a site
> should not raise an "error" level:
> 
> 2009/03/14 11:20:25 [error] 32217#0: *1 open()
> "/home/mike/web/192.168.1.3/fds" failed (2: No such file or
> directory), client: 192.168.1.2, server: 192.168.1.3, request: "GET
> /fds HTTP/1.1", host: "192.168.1.3"
> 
> IMHO it should be less important for a 404 :)

The error level is done as in Apache. There is no simple way to tell
broken link from mistype/etc.


-- 
Igor Sysoev
http://sysoev.ru/en/





More information about the nginx mailing list