summaryrefslogtreecommitdiff
path: root/tests
diff options
context:
space:
mode:
authorGlenn Strauss <gstrauss@gluelogic.com>2016-07-13 02:12:56 -0400
committerGlenn Strauss <gstrauss@gluelogic.com>2016-07-13 04:12:08 -0400
commitce7d040bf3def63bf8cfdcd9686c260349124016 (patch)
treed2f2183605f0c2a5c8dbb89bdf73c890a40dbb3d /tests
parent5e76b284df750e6c4196c4e24ff55be9271763f6 (diff)
downloadlighttpd1.4-ce7d040bf3def63bf8cfdcd9686c260349124016.tar.gz
lighttpd1.4-ce7d040bf3def63bf8cfdcd9686c260349124016.zip
[mod_access] new directive url.access-allow (fixes #1421)
url.access-allow is list of allowed url suffixes (e.g. file extensions) If url.access-allow has been set, then deny any URL that does not match the explicitly listed suffixes. (thx japc) x-ref: "access_allow directive for lighttpd" https://redmine.lighttpd.net/issues/1421
Diffstat (limited to 'tests')
-rw-r--r--tests/lighttpd.conf5
-rwxr-xr-xtests/mod-access.t18
2 files changed, 22 insertions, 1 deletions
diff --git a/tests/lighttpd.conf b/tests/lighttpd.conf
index 1893c5d4..864a28cc 100644
--- a/tests/lighttpd.conf
+++ b/tests/lighttpd.conf
@@ -292,6 +292,11 @@ $HTTP["cookie"] =~ "empty-ref" {
}
}
+$HTTP["host"] =~ "allow\.example\.org$" {
+ url.access-allow = ( ".txt" ) # allow takes precedence over deny
+ url.access-deny = ( ".txt" )
+}
+
$HTTP["host"] == "etag.example.org" {
static-file.etags = "disable"
compress.filetype = ()
diff --git a/tests/mod-access.t b/tests/mod-access.t
index 58c01ac7..de4f22c1 100755
--- a/tests/mod-access.t
+++ b/tests/mod-access.t
@@ -8,7 +8,7 @@ BEGIN {
use strict;
use IO::Socket;
-use Test::More tests => 4;
+use Test::More tests => 6;
use LightyTest;
my $tf = LightyTest->new();
@@ -30,5 +30,21 @@ EOF
$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 403 } ];
ok($tf->handle_http($t) == 0, '#1230 - forbid access to ...~ - trailing slash');
+$t->{REQUEST} = ( <<EOF
+GET /ssi-include.txt HTTP/1.0
+Host: allow.example.org
+EOF
+ );
+$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } ];
+ok($tf->handle_http($t) == 0, 'explicitly allowed');
+
+$t->{REQUEST} = ( <<EOF
+GET /cgi.pl HTTP/1.0
+Host: allow.example.org
+EOF
+ );
+$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 403 } ];
+ok($tf->handle_http($t) == 0, 'not explicitly allowed');
+
ok($tf->stop_proc == 0, "Stopping lighttpd");