From 4eca2c0bd5d76156266ceb250abd545863c88490 Mon Sep 17 00:00:00 2001 From: Daniel Black Date: Wed, 17 Jul 2013 23:24:19 +1000 Subject: [PATCH] TST: apache-auth client denied by server configuration --- config/filter.d/apache-auth.conf | 5 +++-- testcases/files/config/apache-auth/noentry/.htaccess | 1 + testcases/files/logs/apache-auth | 10 ++++++++++ 3 files changed, 14 insertions(+), 2 deletions(-) create mode 100644 testcases/files/config/apache-auth/noentry/.htaccess diff --git a/config/filter.d/apache-auth.conf b/config/filter.d/apache-auth.conf index 34089abb..47373573 100644 --- a/config/filter.d/apache-auth.conf +++ b/config/filter.d/apache-auth.conf @@ -26,12 +26,13 @@ before = apache-common.conf # all of these expressions. Lots of submodules like mod_authz_* return back to mod_authz_core # to return the actual failure. -failregex = ^%(_apache_error_client)s user .* authentication failure for "\S*": Password Mismatch$ +failregex = ^%(_apache_error_client)s client denied by server configuration: (uri )?\S*\s*$ + ^%(_apache_error_client)s user .* authentication failure for "\S*": Password Mismatch$ ^%(_apache_error_client)s user .* not found: \S*\s*$ ^%(_apache_error_client)s client used wrong authentication scheme: \S*\s*$ ^%(_apache_error_client)s Authorization of user \S+ to access \S* failed, reason: file owner \S+ does not match.\s*$ ^%(_apache_error_client)s authorization failure \(no authenticated user\): \S*\s*$ - ^%(_apache_error_client)s client denied by server configuration: (uri )?\S*\s*$ + ^%(_apache_error_client)s user .* authorization failure: \S*\s*$ ^%(_apache_error_client)s user .* authorization failure for "\S*": \s*$ ^%(_apache_error_client)s invalid nonce .* received - (length|hash) is not \S+\s*$ diff --git a/testcases/files/config/apache-auth/noentry/.htaccess b/testcases/files/config/apache-auth/noentry/.htaccess new file mode 100644 index 00000000..3a428827 --- /dev/null +++ b/testcases/files/config/apache-auth/noentry/.htaccess @@ -0,0 +1 @@ +Deny from all diff --git a/testcases/files/logs/apache-auth b/testcases/files/logs/apache-auth index 2c1b6a73..b84631f7 100644 --- a/testcases/files/logs/apache-auth +++ b/testcases/files/logs/apache-auth @@ -8,6 +8,15 @@ # The failures below use the configuration described in testcases/conf/apache-auth # + +# wget http://localhost/noentry/cant_get_me.html -O /dev/null +# failJSON: { "time": "2013-07-17T23:20:45", "match": true , "host": "127.0.0.1" } +[Wed Jul 17 23:20:45 2013] [error] [client 127.0.0.1] client denied by server configuration: /var/www/html/noentry/cant_get_me.html + +# wget --http-user='' --http-password='' http://localhost/basic/file/cant_get_me.html -O /dev/null +# failJSON: { "time": "2013-07-17T23:14:37", "match": true , "host": "127.0.0.1" } +[Wed Jul 17 23:14:37 2013] [error] [client 127.0.0.1] user not found: /basic/anon/cant_get_me.html + # wget --http-user=username --http-password=wrongpass http://localhost/basic/file -O /dev/null # failJSON: { "time": "2013-07-17T22:18:52", "match": true , "host": "127.0.0.1" } [Wed Jul 17 22:18:52 2013] [error] [client 127.0.0.1] user username: authentication failure for "/basic/file": Password Mismatch @@ -23,3 +32,4 @@ # wget --http-user=username --http-password=password http://localhost/basic/authz_owner/cant_get_me.html -O /dev/null # failJSON: { "time": "2013-07-17T22:54:32", "match": true , "host": "127.0.0.1" } [Wed Jul 17 22:54:32 2013] [error] [client 127.0.0.1] Authorization of user username to access /basic/authz_owner/cant_get_me.html failed, reason: file owner dan does not match. +