Bug 56230 - mod_access_compat can log a bogus client denied message
Summary: mod_access_compat can log a bogus client denied message
Status: NEW
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: mod_access_compat (show other bugs)
Version: 2.4.12
Hardware: PC Mac OS X 10.4
: P2 normal (vote)
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2014-03-07 00:00 UTC by Jon
Modified: 2019-01-06 13:06 UTC (History)
0 users



Attachments
patch (616 bytes, patch)
2015-06-02 08:11 UTC, Petr Gajdos
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Jon 2014-03-07 00:00:46 UTC
If a "Satisfy Any" directive is used with mod_access_compat, it will always log a client denied message based on the access directives ignoring the possibility that the client was permitted via the other authentication methods.

Looking at the code that was split from mod_authz_hosts into mod_access_compat, it seems that some of the checks to skip the log message in this case were lost in the move:

Old code:
http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modules/aaa/mod_authz_host.c?revision=667776&view=markup#l309

New code:
http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/aaa/mod_access_compat.c?revision=1463056&view=markup#l348

I re-added the other two components of the if statement and the message went away.
Comment 1 Petr Gajdos 2015-06-02 08:07:38 UTC
Are you planning to fix this issue?

I don't want to push, just to know if it is going to be on table in the near future.

As Jon suggests, following patch fixes the problem for me, but not sure if there are not some side effects.
Comment 2 Petr Gajdos 2015-06-02 08:11:01 UTC
Created attachment 32778 [details]
patch
Comment 3 Jon 2015-06-02 15:05:30 UTC
I've been using such a patch since shortly after filing this. Its been working for me.