httpd-apreq-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Randy Kobes <ra...@theoryx5.uwinnipeg.ca>
Subject Re: [win32] Locations in Apache-Test framework
Date Fri, 18 Apr 2003 03:23:11 GMT
On Fri, 18 Apr 2003, Stas Bekman wrote:

> Stas Bekman wrote:
> > Randy Kobes wrote:
> > 
> >> On 14 Apr 2003, Joe Schaefer wrote:
> >>
> >>> I'd bet apache is just returning a 403 for security purposes,
> >>> since ':' is what separates the drive letter from the file path
> >>> on Windows. Superman^H^H^H^H^H^HWilliam Rowe probably knows the
> >>> full answer, so you might want to take this issue up on
> >>> dev@httpd.
> >>
> >> That looks like it's probably it - there's some discussions in
> >> the httpd-dev list that were along these lines. Further to this,
> >> a location like
> >>    <Location /hello/hell::o>
> >>      ....
> >>    </Location>
> >> does work - what might be happening is Win32 Apache is rejecting,
> >> via the 403, anything that looks like a leading drive designation, for 
> >> security purposes. 
> > 
> > Hmm, is this valid at all on winFU to supply a drive: entry in the URI 
> > path? I wonder why Apache can't reject paths with : in the first segment 
> > only if virtual mapping have failed.
> > 
> >> So it's probably easier to just s!::!-! or s!::!/!, as
> >> Stas proposed ... 
> > 
> > I think that even though <Location Foo/Bar> is more intuitive,
> > <Location Foo-Bar> is less error-prone.
> > 
> > I think <Location Foo/Bar> is potentially error-prone, since if one of 
> > the test package is 'Foo' we will have a location <Location Foo> and 
> > then we will get merging with <Location Foo/Bar> something that could be 
> > undesired.
> 
> I think that at the end I'm simply going to install a default
> TransHandler, semi-transparent to the developer (put it into
> the autogenerated httpd.conf), rather than change the URLs.

That's certainly the most straightforward thing to do, and less
subject to introducing new bugs. One downside though is that if
people use the mod_perl tests as a basis for their own
installations (which, given the extensive nature, is a wonderful
source of examples), they might not realize that it's this
TransHandler that makes such locations with ':' in their names
work on Win32. And getting 403s isn't the most intuitive error to
track down ....

I'd be willing to go through the mod_perl 2 tests and track
the changes needed to s/::/-/, if that'd be useful ....

-- 
best regards,
randy


Mime
View raw message