
Digest auth not working for uri '/' #13

hnakamur opened this Issue Jul 18, 2012 · 1 comment


I debugged and found out that r->uri becomes '/index.html' even when the request line is 'GET / HTTP/1.1'.
On the other hand, r-> = '/ HTTP/1.1' and r->unparsed_uri.len = 1,
so we should take substring of length r->unparsed_uri.len of r->

This is achieved with two commits below:

However, even with these fixes, it still does not work for uri '/'.
It seems that ngx_bitvector_test in ngx_int_t ngx_http_auth_digest_verify_hash returns false.

carlst commented Nov 14, 2014

Yes, Nginx does an internal redirect to the index file when r->uri is '/' (default index file is '/index.html'). So, even if r-> is used, the found->nc bitvector will already be cleared by the initial uri processing (to prevent replays).

One workaround is to check r->internal when found != NULL && ngx_bitvector_test(...) returns false. More checking needs to be done to ensure this is secure.
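The behaviour discussed in this thread, as an added example that is not the module's code: a simplified model of test-and-clear nonce-count tracking in which a request for '/' passes the access check twice, once before and once after the internal redirect to the index file. The names `nonce_t`, `request_t`, `verify_nc`, `get_root` and the `allow_internal` switch are hypothetical; only the idea of a per-nonce bitvector and the `r->internal` check come from the comments above.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified model, not the module's code: one bit per nonce-count (nc);
 * a set bit means that nc value has not been used yet for this nonce. */
typedef struct { uint32_t unused; } nonce_t;     /* hypothetical */
typedef struct { int internal; } request_t;      /* stands in for r->internal */

enum { AUTH_OK, AUTH_REPLAY };

/* Test-and-clear: each nc is accepted once, then treated as a replay. */
static int verify_nc(nonce_t *found, unsigned nc, const request_t *r,
                     int allow_internal)
{
    uint32_t bit = UINT32_C(1) << (nc % 32);
    if (found->unused & bit) {
        found->unused &= ~bit;          /* consume nc to block replays */
        return AUTH_OK;
    }
    /* Workaround from the comment: a cleared bit on an internal redirect
     * means this same request already consumed nc on its first pass. */
    if (allow_internal && r->internal)
        return AUTH_OK;
    return AUTH_REPLAY;
}

/* 'GET /': access check runs for '/', then again after the internal
 * redirect to the index file. Returns the result of the second pass. */
static int get_root(nonce_t *n, unsigned nc, int allow_internal)
{
    request_t r = { 0 };
    if (verify_nc(n, nc, &r, allow_internal) != AUTH_OK)
        return AUTH_REPLAY;
    r.internal = 1;                     /* internal redirect to index file */
    return verify_nc(n, nc, &r, allow_internal);
}

int main(void)
{
    nonce_t a = { UINT32_MAX }, b = { UINT32_MAX };
    request_t ext = { 0 };
    printf("no workaround:   %d\n", get_root(&a, 1, 0));
    printf("with workaround: %d\n", get_root(&b, 1, 1));
    printf("external replay: %d\n", verify_nc(&b, 1, &ext, 1));
    return 0;
}
```

In this model the workaround accepts the second pass on the internal flag alone and does not tie it to the request that consumed the nc value, which is the kind of additional checking the comment says is still needed.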
