dnsdist: Send a 404 on unknown API path

Before, a 401 would be sent for unknown API paths due to the strict
checking.

diff --git a/pdns/dnsdist-web.cc b/pdns/dnsdist-web.cc
index 88084a06ac5831feee70f8d9e32787cf978b6610..ccecf1a48aa2043525026c1c18ad2463b00c27af 100644 (file)
--- a/pdns/dnsdist-web.cc
+++ b/pdns/dnsdist-web.cc
@@ -100,10 +100,7 @@ static bool compareAuthorization(YaHTTP::Request& req, const string &expected_pa
     /* if this is a request for the API,
        check if the API key is correct */
     if (req.url.path=="/jsonstat" ||
-        req.url.path=="/api/v1/servers/localhost" ||
-        req.url.path=="/api/v1/servers/localhost/config" ||
-        req.url.path=="/api/v1/servers/localhost/config/allow-from" ||
-        req.url.path=="/api/v1/servers/localhost/statistics") {
+        req.url.path.find("/api/") == 0) {
       header = req.headers.find("x-api-key");
       if (header != req.headers.end()) {
         auth_ok = (0==strcmp(header->second.c_str(), expectedApiKey.c_str()));

diff --git a/regression-tests.dnsdist/test_API.py b/regression-tests.dnsdist/test_API.py
index fd4a323812956f60df507426856b137e35c6dc72..cd4da7bab89b8ac6553551cbfc6afe4f5acda269 100644 (file)
--- a/regression-tests.dnsdist/test_API.py
+++ b/regression-tests.dnsdist/test_API.py
@@ -100,6 +100,15 @@ class TestAPIBasics(DNSDistTest):
             for key in ['id', 'queries']:
                 self.assertTrue(frontend[key] >= 0)
 
+    def testServersIDontExist(self):
+        """
+        API: /api/v1/servers/idontexist (should be 404)
+        """
+        headers = {'x-api-key': self._webServerAPIKey}
+        url = 'http://127.0.0.1:' + str(self._webServerPort) + '/api/v1/servers/idontexist'
+        r = requests.get(url, headers=headers, timeout=self._webTimeout)
+        self.assertEquals(r.status_code, 404)
+
     def testServersLocalhostConfig(self):
         """
         API: /api/v1/servers/localhost/config