summaryrefslogtreecommitdiff
path: root/src/mod_access.c
diff options
context:
space:
mode:
authorJan Kneschke <jan@kneschke.de>2007-06-15 14:46:17 +0000
committerJan Kneschke <jan@kneschke.de>2007-06-15 14:46:17 +0000
commit022760f07ded9f01b3373fb13e39e3977f818434 (patch)
tree7c4ad96a9be676749c68a271cdb3272519e8b7dd /src/mod_access.c
parent8b06b122b1c664f2191e6270a96e7705db7ea89c (diff)
downloadlighttpd1.4-022760f07ded9f01b3373fb13e39e3977f818434.tar.gz
lighttpd1.4-022760f07ded9f01b3373fb13e39e3977f818434.zip
check the URL twice, before and after path-info handling. (fixes #1230)
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@1871 152afb58-edef-0310-8abb-c4023f1b3aa9
Diffstat (limited to 'src/mod_access.c')
-rw-r--r--src/mod_access.c37
1 files changed, 30 insertions, 7 deletions
diff --git a/src/mod_access.c b/src/mod_access.c
index 3fc05996..f100c804 100644
--- a/src/mod_access.c
+++ b/src/mod_access.c
@@ -111,6 +111,15 @@ static int mod_access_patch_connection(server *srv, connection *con, plugin_data
}
#undef PATCH
+/**
+ * URI handler
+ *
+ * we will get called twice:
+ * - after the clean up of the URL and
+ * - after the pathinfo checks are done
+ *
+ * this handles the issue of trailing slashes
+ */
URIHANDLER_FUNC(mod_access_uri_handler) {
plugin_data *p = p_d;
int s_len;
@@ -122,28 +131,41 @@ URIHANDLER_FUNC(mod_access_uri_handler) {
s_len = con->uri.path->used - 1;
+ if (con->conf.log_request_handling) {
+ log_error_write(srv, __FILE__, __LINE__, "s",
+ "-- mod_access_uri_handler called");
+ }
+
for (k = 0; k < p->conf.access_deny->used; k++) {
data_string *ds = (data_string *)p->conf.access_deny->data[k];
int ct_len = ds->value->used - 1;
+ int denied = 0;
- if (ct_len > s_len) continue;
+ if (ct_len > s_len) continue;
if (ds->value->used == 0) continue;
/* if we have a case-insensitive FS we have to lower-case the URI here too */
if (con->conf.force_lowercase_filenames) {
if (0 == strncasecmp(con->uri.path->ptr + s_len - ct_len, ds->value->ptr, ct_len)) {
- con->http_status = 403;
-
- return HANDLER_FINISHED;
+ denied = 1;
}
} else {
if (0 == strncmp(con->uri.path->ptr + s_len - ct_len, ds->value->ptr, ct_len)) {
- con->http_status = 403;
+ denied = 1;
+ }
+ }
- return HANDLER_FINISHED;
+ if (denied) {
+ con->http_status = 403;
+
+ if (con->conf.log_request_handling) {
+ log_error_write(srv, __FILE__, __LINE__, "sb",
+ "url denied as we match:", ds->value);
}
+
+ return HANDLER_FINISHED;
}
}
@@ -158,7 +180,8 @@ int mod_access_plugin_init(plugin *p) {
p->init = mod_access_init;
p->set_defaults = mod_access_set_defaults;
- p->handle_uri_clean = mod_access_uri_handler;
+ p->handle_uri_clean = mod_access_uri_handler;
+ p->handle_subrequest_start = mod_access_uri_handler;
p->cleanup = mod_access_free;
p->data = NULL;