From 54e9e208f48c1ee085a8512e7aeb11ab0c075819 Mon Sep 17 00:00:00 2001
From: hyung-hwan <hyunghwan.chung@gmail.com>
Date: Tue, 27 May 2025 21:54:54 +0900
Subject: [PATCH] fixed the http access rule matching

---
 hodu.go | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/hodu.go b/hodu.go
index 126e37f..2854b27 100644
--- a/hodu.go
+++ b/hodu.go
@@ -7,7 +7,6 @@ import "net"
 import "net/http"
 import "net/netip"
 import "os"
-import "path/filepath"
 import "runtime"
 import "strings"
 import "sync"
@@ -355,7 +354,9 @@ func (auth *HttpAuthConfig) Authenticate(req *http.Request) (int, string) {
 
 	for _, rule = range auth.AccessRules {
 		// i don't take into account X-Forwarded-For and similar headers
-		if req.URL.Path == rule.Prefix || strings.HasPrefix(req.URL.Path, filepath.Clean(rule.Prefix + "/")) {
+		var pfxd string = rule.Prefix
+		if pfxd[len(pfxd) -1] != '/' { pfxd = pfxd + "/" }
+		if req.URL.Path == rule.Prefix || strings.HasPrefix(req.URL.Path, pfxd) {
 			var org_net_ok bool
 
 			if len(rule.OrgNets) > 0 && raddr.IsValid() {