Closed iPPLE closed 7 years ago
I can ejabberdctl commands i want without respecting my access_commands , and here is my configuration :
modules: mod_rest: allowed_ips: - "127.0.0.1" access_commands: configure: - check_password - registered_users - connected_users - user_resources acl: restuser: user: - "userest": "ejabberd.local" access: configure: restuser: allow commands_admin_access: configure - port: 5280 module: ejabberd_http request_handlers: "/websocket": ejabberd_http_ws "/log": mod_log_http "/rest": mod_rest
and both commands are working :
wget http://ejabberd.local:5280/rest/ --server-response --post-data 'check_password linux ejabberd.local 111111'
wget http://ejabberd.local:5280/rest/ --server-response --post-data '--auth userest ejabberd.local 111111 check_password linux ejabberd.local 111111'
The command 1. should not be working since i have not entered even the username and password of the right user to access the rest.
I can ejabberdctl commands i want without respecting my access_commands , and here is my configuration :
and both commands are working :
wget http://ejabberd.local:5280/rest/ --server-response --post-data 'check_password linux ejabberd.local 111111'
wget http://ejabberd.local:5280/rest/ --server-response --post-data '--auth userest ejabberd.local 111111 check_password linux ejabberd.local 111111'
The command 1. should not be working since i have not entered even the username and password of the right user to access the rest.