httpd-cvs mailing list archives

From sl...@apache.org
Subject svn commit: r160595 - in httpd/httpd/branches/simple-conf: docs/conf/extra/httpd-default.conf.in docs/conf/httpd.conf.in docs/manual/mod/core.xml server/core.c
Date Fri, 08 Apr 2005 20:13:23 GMT
Author: slive
Date: Fri Apr  8 13:13:22 2005
New Revision: 160595

URL: http://svn.apache.org/viewcvs?view=rev&rev=160595
Log:
Change the default setting of UseCanonicalName to off and remove
that directive from the default config.

This could use some review because it has potential security
implications.  In particular, it could cause cross-site scripting
vulnerabilities if people rely on SERVER_NAME without validating
it.  But we have been running with this in our default config file
for a while, and it vastly reduces the confusion that comes
from people setting ServerName incorrectly.


Modified:
    httpd/httpd/branches/simple-conf/docs/conf/extra/httpd-default.conf.in
    httpd/httpd/branches/simple-conf/docs/conf/httpd.conf.in
    httpd/httpd/branches/simple-conf/docs/manual/mod/core.xml
    httpd/httpd/branches/simple-conf/server/core.c

Modified: httpd/httpd/branches/simple-conf/docs/conf/extra/httpd-default.conf.in
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/simple-conf/docs/conf/extra/httpd-default.conf.in?view=diff&r1=160594&r2=160595
==============================================================================
--- httpd/httpd/branches/simple-conf/docs/conf/extra/httpd-default.conf.in (original)
+++ httpd/httpd/branches/simple-conf/docs/conf/extra/httpd-default.conf.in Fri Apr  8 13:13:22
2005
@@ -29,6 +29,15 @@
 KeepAliveTimeout 15
 
 #
+# UseCanonicalName: Determines how Apache constructs self-referencing 
+# URLs and the SERVER_NAME and SERVER_PORT variables.
+# When set "Off", Apache will use the Hostname and Port supplied
+# by the client.  When set "On", Apache will use the value of the
+# ServerName directive.
+#
+UseCanonicalName Off
+
+#
 # AccessFileName: The name of the file to look for in each directory
 # for additional configuration directives.  See also the AllowOverride 
 # directive.
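Review bot: The comment added above `UseCanonicalName Off` says that with "Off" Apache uses "the Hostname and Port supplied by the client", but it does not spell out the consequence: SERVER_NAME and self-referencing URLs then carry client-controlled input. The commit log flags exactly this risk, so add a sentence here telling administrators that scripts must validate SERVER_NAME before using it, or that they should set UseCanonicalName On. The comment also describes only On and Off, while core.xml gives the syntax as On|Off|DNS. Finally, the log says the directive is removed from the default config, yet this hunk adds it to httpd-default.conf.in; with Off now the compiled-in default the explicit line is redundant unless it is kept deliberately as documentation, in which case say so.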

Modified: httpd/httpd/branches/simple-conf/docs/conf/httpd.conf.in
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/simple-conf/docs/conf/httpd.conf.in?view=diff&r1=160594&r2=160595
==============================================================================
--- httpd/httpd/branches/simple-conf/docs/conf/httpd.conf.in (original)
+++ httpd/httpd/branches/simple-conf/docs/conf/httpd.conf.in Fri Apr  8 13:13:22 2005
@@ -97,19 +97,8 @@
 # it explicitly to prevent problems during startup.
 #
 # If your host doesn't have a registered DNS name, enter its IP address here.
-# You will have to access it by its address anyway, and this will make 
-# redirections work in a sensible way.
 #
 #ServerName www.example.com:80
-
-#
-# UseCanonicalName: Determines how Apache constructs self-referencing 
-# URLs and the SERVER_NAME and SERVER_PORT variables.
-# When set "Off", Apache will use the Hostname and Port supplied
-# by the client.  When set "On", Apache will use the value of the
-# ServerName directive.
-#
-UseCanonicalName Off
 
 #
 # DocumentRoot: The directory out of which you will serve your
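Review bot: Removing "this will make redirections work in a sensible way" from the ServerName comment drops the only stated reason for entering an IP address, and that reason still applies in one case. The core.c change in this commit falls back to r->server->server_hostname when r->hostname is not set, so a request that carries no hostname still gets its self-referencing URLs from ServerName. Suggest keeping a shortened rationale, for example that ServerName is used when the client supplies no hostname or when UseCanonicalName is On.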

Modified: httpd/httpd/branches/simple-conf/docs/manual/mod/core.xml
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/simple-conf/docs/manual/mod/core.xml?view=diff&r1=160594&r2=160595
==============================================================================
--- httpd/httpd/branches/simple-conf/docs/manual/mod/core.xml (original)
+++ httpd/httpd/branches/simple-conf/docs/manual/mod/core.xml Fri Apr  8 13:13:22 2005
@@ -2956,7 +2956,7 @@
 <description>Configures how the server determines its own name and
 port</description>
 <syntax>UseCanonicalName On|Off|DNS</syntax>
-<default>UseCanonicalName On</default>
+<default>UseCanonicalName Off</default>
 <contextlist><context>server config</context><context>virtual host</context>
 <context>directory</context></contextlist>
 
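Review bot: Only the <default> line changes in this hunk, so the directive's reference page records the new default without saying that it changed or what follows from it. Since the log message itself calls out the risk of relying on SERVER_NAME without validation, the directive's usage text should state that under the Off default SERVER_NAME and SERVER_PORT are taken from the client request and must be validated by anything that consumes them, and a compatibility note should record when the default moved from On to Off.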

Modified: httpd/httpd/branches/simple-conf/server/core.c
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/simple-conf/server/core.c?view=diff&r1=160594&r2=160595
==============================================================================
--- httpd/httpd/branches/simple-conf/server/core.c (original)
+++ httpd/httpd/branches/simple-conf/server/core.c Fri Apr  8 13:13:22 2005
@@ -876,8 +876,8 @@
     d = (core_dir_config *)ap_get_module_config(r->per_dir_config,
                                                 &core_module);
 
-    if (d->use_canonical_name == USE_CANONICAL_NAME_OFF) {
-        return r->hostname ? r->hostname : r->server->server_hostname;
+    if (d->use_canonical_name == USE_CANONICAL_NAME_ON) {
+        return r->server->server_hostname;
     }
 
     if (d->use_canonical_name == USE_CANONICAL_NAME_DNS) {
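Review bot: Testing for USE_CANONICAL_NAME_ON instead of USE_CANONICAL_NAME_OFF means the Off case is no longer handled explicitly; it is now reached only by falling through past the DNS branch to the `/* default */` return. Any value of d->use_canonical_name that is neither ON nor DNS, including an unset or unexpected one, therefore resolves to the client-supplied r->hostname, where before it resolved to the configured r->server->server_hostname. Consider keeping an explicit OFF branch, or at least a comment at the top of the function stating that everything other than ON and DNS is treated as Off, so the fail-open direction is a visible decision rather than a side effect of branch order.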
@@ -895,7 +895,7 @@
     }
 
     /* default */
-    return r->server->server_hostname;
+    return r->hostname ? r->hostname : r->server->server_hostname;
 }
 
 /*
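Review bot: The `/* default */` return now hands back r->hostname, which comes from the request, for every configuration that does not set the directive, and nothing in the visible lines marks the value as untrusted. Callers that place this name in redirects, generated HTML or SERVER_NAME are now exposed to whatever the client sent, which is the cross-site scripting concern raised in the log. Suggest expanding the comment to say the default is Off and the result is client-controlled. Also, the config comment says the directive governs SERVER_PORT as well, but the hunks shown change only the hostname path, so please confirm the port lookup uses the same default.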


