nginx-0.3.53-RELEASE importrelease-0.3.53

    *) Change: the "add_header" directive adds the string to 204, 301, and
       302 responses.

    *) Feature: the "server" directive in the "upstream" context supports
       the "weight" parameter.

    *) Feature: the "server_name" directive supports the "*" wildcard.

    *) Feature: nginx supports the request body size more than 2G.

    *) Bugfix: if a client was successfully authorized using "satisfy_any
       on", then anyway the message "access forbidden by rule" was written
       in the log.

    *) Bugfix: the "PUT" method may erroneously not create a file and
       return the 409 code.

    *) Bugfix: if the IMAP/POP3 backend returned an error, then nginx
       continued proxying anyway.

1 files changed, 7 insertions, 2 deletions

diff --git a/src/http/modules/ngx_http_access_module.c b/src/http/modules/ngx_http_access_module.c
index 710dd248e..b8aa3aae2 100644
--- a/src/http/modules/ngx_http_access_module.c
+++ b/src/http/modules/ngx_http_access_module.c
@@ -92,6 +92,7 @@ ngx_http_access_handler(ngx_http_request_t *r)
     ngx_uint_t                   i;
     struct sockaddr_in          *sin;
     ngx_http_access_rule_t      *rule;
+    ngx_http_core_loc_conf_t    *clcf;
     ngx_http_access_loc_conf_t  *alcf;
 
     alcf = ngx_http_get_module_loc_conf(r, ngx_http_access_module);
@@ -113,8 +114,12 @@ ngx_http_access_handler(ngx_http_request_t *r)
 
         if ((sin->sin_addr.s_addr & rule[i].mask) == rule[i].addr) {
             if (rule[i].deny) {
-                ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
-                              "access forbidden by rule");
+                clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module);
+
+                if (!clcf->satisfy_any) {
+                    ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
+                                  "access forbidden by rule");
+                }
 
                 return NGX_HTTP_FORBIDDEN;
             }