diff --git a/src/html-error.c b/src/html-error.c index 625a586..ee3c987 100644 --- a/src/html-error.c +++ b/src/html-error.c @@ -164,13 +164,17 @@ int send_http_headers (struct conn_s *connptr, int code, const char *message) "%s" "Connection: close\r\n" "\r\n"; - const char auth_str[] = + const char p_auth_str[] = "Proxy-Authenticate: Basic realm=\"" PACKAGE_NAME "\"\r\n"; + const char w_auth_str[] = + "WWW-Authenticate: Basic realm=\"" + PACKAGE_NAME "\"\r\n"; + /* according to rfc7235, the 407 error must be accompanied by a Proxy-Authenticate header field. */ - const char *add = code == 407 ? auth_str : ""; + const char *add = code == 407 ? p_auth_str : (code == 401 ? w_auth_str : ""); return (write_message (connptr->client_fd, headers, code, message, PACKAGE, VERSION, diff --git a/src/reqs.c b/src/reqs.c index bbdcc74..8450cff 100644 --- a/src/reqs.c +++ b/src/reqs.c @@ -1611,11 +1611,22 @@ void handle_connection (int fd) if (config.basicauth_list != NULL) { ssize_t len; char *authstring; - int failure = 1; + int failure = 1, stathost_connect = 0; len = hashmap_entry_by_key (hashofheaders, "proxy-authorization", (void **) &authstring); + if (len == 0 && config.stathost) { + len = hashmap_entry_by_key (hashofheaders, "host", + (void **) &authstring); + if (len && !strncmp(authstring, config.stathost, strlen(config.stathost))) { + len = hashmap_entry_by_key (hashofheaders, "authorization", + (void **) &authstring); + stathost_connect = 1; + } else len = 0; + } + if (len == 0) { + if (stathost_connect) goto e401; update_stats (STAT_DENIED); indicate_http_error (connptr, 407, "Proxy Authentication Required", "detail", @@ -1629,6 +1640,7 @@ void handle_connection (int fd) basicauth_check (config.basicauth_list, authstring + 6) == 1) failure = 0; if(failure) { +e401: update_stats (STAT_DENIED); indicate_http_error (connptr, 401, "Unauthorized", "detail",