[pkg-lighttpd] Bug#419176: lighttpd: Module loading order is important, ensure auth is loaded before fastcgi and status

Olaf van der Spek OlafvdSpek at GMail.Com
Sat Apr 14 07:36:45 UTC 2007


Package: lighttpd
Version: 1.4.13-10
Severity: normal

Hi,

Module loading order is important. If you load status before auth and use auth for status, auth is ignored and users can access status without 
authentication.
The same probably applies to fastcgi as well, so you should ensure modules are loaded in the proper order. Maybe auth should be loaded in 
lighttpd.conf at the top.

-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (500, 'testing'), (1, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.18-4-686 (SMP w/2 CPU cores)
Locale: LANG=en_US.ISO-8859-15, LC_CTYPE=en_US.ISO-8859-15 (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash

Versions of packages lighttpd depends on:
ii  libattr1                    1:2.4.32-1.1 Extended attribute shared library
ii  libbz2-1.0                  1.0.3-6      high-quality block-sorting file co
ii  libc6                       2.3.6.ds1-13 GNU C Library: Shared libraries
ii  libldap2                    2.1.30-13.4  OpenLDAP libraries
ii  libpcre3                    6.7-1        Perl 5 Compatible Regular Expressi
ii  libssl0.9.8                 0.9.8c-4     SSL shared libraries
ii  lsb-base                    3.1-23.1     Linux Standard Base 3.1 init scrip
ii  mime-support                3.39-1       MIME files 'mime.types' & 'mailcap
ii  perl                        5.8.8-7      Larry Wall's Practical Extraction 
ii  zlib1g                      1:1.2.3-13   compression library - runtime

Versions of packages lighttpd recommends:
ii  php5-cgi                      5.2.0-10   server-side, HTML-embedded scripti

-- no debconf information




More information about the pkg-lighttpd-maintainers mailing list