-
Notifications
You must be signed in to change notification settings - Fork 8
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
RemoteIP check is not executed on every access #19
Comments
the module normaly check ip with the ip stored in the session only if you set Auth_memCookie_MatchIP_Mode (to >0 value), by default they don't check the ip. i've you setted this option ? |
@mcarbonneaux thanks for checking out this issue. Yes, I did set it:
And, with First access, no valid cookie set:
After authentication, with valid cookie and valid key on memcached:
After change my ipaddress:
Apparently, mod_auth_memcookie never made this check: https://github.com/ZenProjects/Apache-Authmemcookie-Module/blob/master/mod_auth_memcookie.c#L537 |
When the RemoteIp changes after user has authenticated, authMemcookie does not prevent user from accessing URLs.
This behaviour seems to happen only on apache 2.4.
I've narred down the issue to the hook definition
Apparently, according to apache dev doc, this hook only executes if the configuration is different from the first access, but I couldn't make it work, even using different locations, one for authentication and another one with the "requires".
The text was updated successfully, but these errors were encountered: