httpd-dev mailing list archives

From "Ralf S. Engelschall" <>
Subject Re: Some questions regarding the API for mod_rewrite
Date Wed, 10 Jul 1996 12:25:11 GMT
On 8 Jul 1996 19:09:04 +0200 in en.lists.apache-new-httpd you wrote:

> I'll have to think for a bit about whether there are nasty security
> implications of per-directory aliases (I'll simply note for the moment
> that wherever FollowSymLinks is off, these things should *definitely*
> be disabled as well).  Commenting only on the implementation, as Ralf
> describes it:

Hmmm... ok, this seems useful. Is the following approach useful:

    In per-server config (httpd.conf):

    The rewrite engine is off by default and has to be explicitly enabled with
    "RewriteEngine On". This should prevent the module from doing anything
    the admin didn't want.  Or in other words: The admin should know that he
    enabled the rewrite engine.

    In per-directory config (.htaccess):

    The rewrite engine by default corresponds with FollowSymLinks, i.e. if no
    FollowSymLinks, engine is off; if FollowSymLinks the engine is on. But at
    any time the user can also explicitly change the state with the
    "RewriteEngine" command!

What do you mean?

BTW: What is the correct way to check for the FollowSymLinks option?
     Directly compare OPT_SYM_LINKS?

> It would probably be preferable to do something like this:

>             - set r->finfo to the result of the stat
>             - save the URI to be redirected to in the per-module entry
>               of r->request_config.  That is:
>                    set_module_config (r->request_config, &mymodule, ...);
>             - set r->handler to a handler which does the internal_redirect.
>             - return OK

> This makes sure that "internal_redirect" only is called from a response
> handler, which is really the only way it's intended to run.    

Ok, that is exactly the type of information I need. I will change mod_rewrite
according to these hints. Thanks for helping me!

                                        Ralf S. Engelschall    
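
The two per-directory rules discussed in this message, side by side, as an added example that is not part of the original message or of mod_rewrite's code. The OPT_SYM_LINKS value, the tri-state enum and the function names are assumptions made for illustration, and the options value is assumed to be a bit mask.

```c
#include <stdio.h>

/* Constructed placeholder for the option bit named in the message; the
 * server's own headers define the real value. */
#define OPT_SYM_LINKS 4

/* Hypothetical tri-state for a per-directory "RewriteEngine" line. */
typedef enum { ENGINE_UNSET, ENGINE_OFF, ENGINE_ON } engine_state;

/* Options are assumed to be a bit mask, so test the bit, not equality. */
static int symlinks_allowed(int dir_options)
{
    return (dir_options & OPT_SYM_LINKS) != 0;
}

/* Rule proposed in the reply: default tracks FollowSymLinks, but an
 * explicit RewriteEngine setting in .htaccess always wins. */
int engine_enabled_proposed(int dir_options, engine_state explicit_state)
{
    if (explicit_state != ENGINE_UNSET)
        return explicit_state == ENGINE_ON;
    return symlinks_allowed(dir_options);
}

/* Rule from the quoted text: without FollowSymLinks the engine stays off,
 * whatever .htaccess says. */
int engine_enabled_strict(int dir_options, engine_state explicit_state)
{
    return symlinks_allowed(dir_options)
        && engine_enabled_proposed(dir_options, explicit_state);
}

int main(void)
{
    static const char *names[] = { "unset", "Off", "On" };
    int opts[] = { 0, 1, OPT_SYM_LINKS, OPT_SYM_LINKS | 1 }; /* constructed */
    for (int i = 0; i < 4; i++)
        for (int s = ENGINE_UNSET; s <= ENGINE_ON; s++) {
            int p = engine_enabled_proposed(opts[i], (engine_state)s);
            int q = engine_enabled_strict(opts[i], (engine_state)s);
            printf("options=%d RewriteEngine=%-5s proposed=%d strict=%d%s\n",
                   opts[i], names[s], p, q, p != q ? "  <-- differ" : "");
        }
    return 0;
}
```

The two rules disagree only when FollowSymLinks is absent and .htaccess explicitly says "RewriteEngine On".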
