User placeholder not working in rewrite

calisro · December 19, 2018, 7:53pm

Hi. Can someone explain why this isn’t working? I’ve tried with other placeholders and it seems work just fine but doesn’t with the {user} placeholder.

xxxx:81 {
    proxy / localhost:7440 {
        max_fails 1
    }
    browse
    tls xxxx xxxx
    basicauth / calisro xxx
    basicauth / calisro2 xxx
    rewrite {
        if {user} not calisro
	to /method_not_allowed
    }
    status 405 /method_not_allowed
    log / stdout "{remote} - {user} [{when}] \"{method} {uri} {proto}\" {status} {size} - {rewrite_uri}"
    
}

Tests:

xxx@notebook2:~$ curl --head --user calisro:xxx https://xxxx:81/
HTTP/1.1 405 Method Not Allowed
Content-Type: text/plain; charset=utf-8
Server: Caddy
X-Content-Type-Options: nosniff
Date: Wed, 19 Dec 2018 19:34:05 GMT
Content-Length: 23

xxx@notebook2:~$ curl --head --user calisro2:xxx https://xxxx:81
HTTP/1.1 405 Method Not Allowed
Content-Type: text/plain; charset=utf-8
Server: Caddy
X-Content-Type-Options: nosniff
Date: Wed, 19 Dec 2018 19:34:14 GMT
Content-Length: 23

x.x.x.x - calisro [19/Dec/2018:14:34:05 -0500] "HEAD / HTTP/1.1" 405 23 - /method_not_allowed
x.x.x.x - calisro2 [19/Dec/2018:14:34:14 -0500] "HEAD / HTTP/1.1" 405 23 - /method_not_allowed

root@xxxx:/data/caddy# ./caddy --version
Caddy 0.11.1 (non-commercial use only)

If the rewrite is removed. It works just fine. Its not the proxied server:

Whitestrake · December 19, 2018, 11:19pm

Hi @calisro,

It looks like the issue is that in the plugin execution order, rewrite takes place much earlier than basicauth does, so when Caddy is performing the rewrite and checking {user}, the placeholder has not been set yet.

https://github.com/mholt/caddy/blob/0684cf861170a112a041137b352322602543ccdf/caddyhttp/httpserver/plugin.go#L626-L639

calisro · December 20, 2018, 8:40pm

I pulled the code and makes sense. Is this something I can create an issue for or is it done in this order on purpose and that tag just cant be accessible within the rewrite?

Whitestrake · December 21, 2018, 12:54am

The order of execution is pretty important, but I don’t know if it’s done purposely to have basicauth happen after rewrite. You’ve got a good use case for it being the other way around - I’d open up an issue and ask, so the Caddy developers and collaborators can have a look and determine a conclusion. Modifying the order has lots of potential other effects, and could break other use cases, so it’ll probably bear some discussion.

system · March 21, 2019, 1:03am

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.