Hello!

On Sun, Apr 17, 2011 at 06:26:56PM +0100, Ian Hobson wrote:

> Hi,
>
> I'm still using Nginx 0.7.67 and I think I have found a minor bug.
>
> In my config files, for one domain I have entries like this to
> protect two directories.
>
> location /secret {
> index index.html
> auth_basic "Please login";

This syntactically correct and defines three possible index files:
"index.html", "auth_basic" and "Please login".

> auth_basic_user_file /path/to/passwordfile

Note this doesn't have ";" as well and will make config
syntactially incorrect. You won't be able to start nginx such
config, but I assume this is artifact introduced during writing
this message.

> }
>
> location /private {
> auth_basic "Hello, Please login";
> authObasic_user_file /path/to/passwordfile;
> if ()
> etc
>
> Note the second line above has no trailing semi-colon.
>
> The result is that /secret is not protected (although /private is).
>
> The bug is that when nginx is restarted, it announces that the config file
> is valid, when it isn't, (so the problem was not detected for many months).

The problem is that config file is actually valid. It's not
really possible to detect such configuration errors as long as
resulting construct is valid.

Maxim Dounin

_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx