tests for htpasswd + md5 and referer matching in conditionals
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-merge-1.4.x@711 152afb58-edef-0310-8abb-c4023f1b3aa9svn/tags/lighttpd-1.4.6
parent
be5f187d0f
commit
e2cf5d3094
|
@ -8,7 +8,7 @@ BEGIN {
|
|||
|
||||
use strict;
|
||||
use IO::Socket;
|
||||
use Test::More tests => 11;
|
||||
use Test::More tests => 14;
|
||||
use LightyTest;
|
||||
|
||||
my $tf = LightyTest->new();
|
||||
|
@ -56,7 +56,7 @@ ok($tf->start_proc == 0, "Starting lighttpd") or die();
|
|||
|
||||
$t->{REQUEST} = ( <<EOF
|
||||
GET /nofile.png HTTP/1.0
|
||||
Host: www.example.org
|
||||
Host: referer.example.org
|
||||
EOF
|
||||
);
|
||||
$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 404 } ];
|
||||
|
@ -64,21 +64,51 @@ ok($tf->handle_http($t) == 0, 'condition: Referer - no referer');
|
|||
|
||||
$t->{REQUEST} = ( <<EOF
|
||||
GET /nofile.png HTTP/1.0
|
||||
Host: www.example.org
|
||||
Referer: http://www.example.org/
|
||||
Host: referer.example.org
|
||||
Referer: http://referer.example.org/
|
||||
EOF
|
||||
);
|
||||
$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 404 } ];
|
||||
ok($tf->handle_http($t) == 0, 'condition: Referer - referer matches regex');
|
||||
|
||||
$t->{REQUEST} = ( <<EOF
|
||||
TODO: {
|
||||
local $TODO = "referer matching in conditionals";
|
||||
$t->{REQUEST} = ( <<EOF
|
||||
GET /nofile.png HTTP/1.0
|
||||
Host: referer.example.org
|
||||
Referer: http://evil-referer.example.org/
|
||||
EOF
|
||||
);
|
||||
$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 403 } ];
|
||||
ok($tf->handle_http($t) == 0, 'condition: Referer - referer doesn\'t match');
|
||||
}
|
||||
|
||||
$t->{REQUEST} = ( <<EOF
|
||||
GET /image.jpg HTTP/1.0
|
||||
Host: www.example.org
|
||||
Referer: http://123.example.org/
|
||||
EOF
|
||||
);
|
||||
$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } ];
|
||||
ok($tf->handle_http($t) == 0, 'condition: Referer - no referer');
|
||||
|
||||
$t->{REQUEST} = ( <<EOF
|
||||
GET /image.jpg HTTP/1.0
|
||||
Host: www.example.org
|
||||
Referer: http://referer.example.org/
|
||||
EOF
|
||||
);
|
||||
$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } ];
|
||||
ok($tf->handle_http($t) == 0, 'condition: Referer - referer matches regex');
|
||||
|
||||
$t->{REQUEST} = ( <<EOF
|
||||
GET /image.jpg HTTP/1.0
|
||||
Host: www.example.org
|
||||
Referer: http://evil-referer.example.org/
|
||||
EOF
|
||||
);
|
||||
$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 403 } ];
|
||||
ok($tf->handle_http($t) == 0, 'condition: Referer - referer doesn\'t match');
|
||||
|
||||
|
||||
ok($tf->stop_proc == 0, "Stopping lighttpd");
|
||||
|
||||
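Review bot: The first new `/image.jpg` case is titled 'condition: Referer - no referer' but sends `Referer: http://123.example.org/` and expects 200. Under the `.jpg` rule this commit adds to the config (`$HTTP["referer"] !~ "^($|http://referer\.example\.org)"`), a foreign referer should be denied. As far as I can tell the case therefore either passes only while referer conditionals are not evaluated (the TODO block above hints at that) or was meant to omit the Referer line; dropping the header would make it match its title. The three new descriptions also repeat those of the `/nofile.png` cases, so naming the path, e.g. `'condition: Referer - no referer (image.jpg)'`, would make a failing case identifiable from the test output.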
|
|
|
@ -85,34 +85,27 @@ userdir.path = "/"
|
|||
ssl.engine = "disable"
|
||||
ssl.pemfile = "server.pem"
|
||||
|
||||
$HTTP["host"] == "auth-htpasswd.example.org" {
|
||||
auth.backend = "htpasswd"
|
||||
}
|
||||
|
||||
auth.backend = "plain"
|
||||
auth.backend.plain.userfile = "@SRCDIR@/tmp/lighttpd/lighttpd.user"
|
||||
auth.backend.plain.groupfile = "lighttpd.group"
|
||||
|
||||
auth.backend.ldap.hostname = "localhost"
|
||||
auth.backend.ldap.base-dn = "dc=my-domain,dc=com"
|
||||
auth.backend.ldap.filter = "(uid=$)"
|
||||
auth.backend.htpasswd.userfile = "@SRCDIR@/tmp/lighttpd/lighttpd.htpasswd"
|
||||
|
||||
|
||||
auth.require = ( "/server-status" =>
|
||||
(
|
||||
"method" => "digest",
|
||||
"realm" => "download archiv",
|
||||
# "require" => ("group=www", "user=jan", "host=192.168.2.10")
|
||||
"require" => "group=www|user=jan|host=192.168.2.10"
|
||||
),
|
||||
"/auth.php" =>
|
||||
(
|
||||
"method" => "basic",
|
||||
"realm" => "download archiv",
|
||||
# "require" => ("group=www", "user=jan", "host=192.168.2.10")
|
||||
"require" => "user=jan"
|
||||
),
|
||||
"/server-config" =>
|
||||
(
|
||||
"method" => "basic",
|
||||
"realm" => "download archiv",
|
||||
# "require" => ("group=www", "user=jan", "user=weigon", "host=192.168.2.10")
|
||||
"require" => "group=www|user=jan|host=192.168.2.10"
|
||||
"require" => "valid-user"
|
||||
)
|
||||
)
|
||||
|
||||
|
@ -175,7 +168,13 @@ $HTTP["remoteip"] =~ "(127.0.0.1)" {
|
|||
}
|
||||
|
||||
# deny access for all image stealers
|
||||
$HTTP["referer"] !~ "^($|http://www\.example\.org)" {
|
||||
url.access-deny = ( ".jpg", ".jpeg", ".png" )
|
||||
$HTTP["host"] == "referer.example.org" {
|
||||
$HTTP["referer"] !~ "^($|http://referer\.example\.org)" {
|
||||
url.access-deny = ( ".png" )
|
||||
}
|
||||
}
|
||||
|
||||
$HTTP["referer"] !~ "^($|http://referer\.example\.org)" {
|
||||
url.access-deny = ( ".jpg" )
|
||||
}
|
||||
|
||||
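Review bot: The referer patterns added in the last hunk, `^($|http://referer\.example\.org)`, anchor the start of the header but not the end of the host name, so a Referer whose host merely begins with `referer.example.org` (followed by a further domain suffix) also matches and is not denied. Terminating the host, e.g. `$HTTP["referer"] !~ "^($|http://referer\.example\.org(/|$))"`, closes that gap in both the `.png` and the `.jpg` block. The negative test in this commit uses `evil-referer.example.org`, which differs at the prefix, so a case with a look-alike suffix host would be needed to pin the behaviour. A short comment that an empty Referer is allowed on purpose, and that the header is client-supplied so the rule is a hotlinking deterrent rather than access control, would help anyone copying this block.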
|
|
|
@ -8,7 +8,7 @@ BEGIN {
|
|||
|
||||
use strict;
|
||||
use IO::Socket;
|
||||
use Test::More tests => 6;
|
||||
use Test::More tests => 9;
|
||||
use LightyTest;
|
||||
|
||||
my $tf = LightyTest->new();
|
||||
|
@ -37,6 +37,32 @@ Authorization: Basic amFuOmphbg==
|
|||
EOF
|
||||
);
|
||||
$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } ];
|
||||
ok($tf->handle_http($t) == 0, 'Basic-Auth: Valid Auth-token - plain');
|
||||
|
||||
$t->{REQUEST} = ( <<EOF
|
||||
GET /server-config HTTP/1.0
|
||||
Host: auth-htpasswd.example.org
|
||||
Authorization: Basic ZGVzOmRlcw==
|
||||
EOF
|
||||
);
|
||||
$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } ];
|
||||
ok($tf->handle_http($t) == 0, 'Basic-Auth: Valid Auth-token - htpasswd (des)');
|
||||
|
||||
$t->{REQUEST} = ( <<EOF
|
||||
GET /server-config HTTP/1.0
|
||||
Host: auth-htpasswd.example.org
|
||||
Authorization: Basic bWQ1Om1kNQ==
|
||||
EOF
|
||||
);
|
||||
$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } ];
|
||||
ok($tf->handle_http($t) == 0, 'Basic-Auth: Valid Auth-token - htpasswd (md5)');
|
||||
|
||||
$t->{REQUEST} = ( <<EOF
|
||||
GET /server-config HTTP/1.0
|
||||
Authorization: Basic bWQ1Om1kNA==
|
||||
EOF
|
||||
);
|
||||
$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 401 } ];
|
||||
ok($tf->handle_http($t) == 0, 'Basic-Auth: Valid Auth-token');
|
||||
|
||||
## this should not crash
|
||||
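Review bot: The last new request sends `Authorization: Basic bWQ1Om1kNA==` (user `md5` with a wrong password) and expects 401, yet the `ok` line that follows it still carries the description 'Basic-Auth: Valid Auth-token', which appears to be the pre-existing line now attached to a different request. The request also has no `Host:` header, so by the config in this commit it is checked against the default `plain` backend rather than `htpasswd`, and a wrong password against an htpasswd MD5 entry is never exercised. I would add `Host: auth-htpasswd.example.org` to that request and rename the check to something like `'Basic-Auth: Wrong password - htpasswd (md5)'`; a matching negative case for the DES user would complete the pair.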
|
|
|
@ -37,6 +37,7 @@ cp $srcdir/docroot/123/*.txt \
|
|||
$srcdir/docroot/123/*.php \
|
||||
$srcdir/docroot/123/*.bla $tmpdir/servers/123.example.org/pages/
|
||||
cp $srcdir/lighttpd.user $tmpdir/
|
||||
cp $srcdir/lighttpd.htpasswd $tmpdir/
|
||||
cp $srcdir/var-include-sub.conf $tmpdir/../
|
||||
touch $tmpdir/servers/www.example.org/pages/image.jpg \
|
||||
$tmpdir/servers/www.example.org/pages/image.JPG \
|
||||
|
|