httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Paul Sutton <p...@ukweb.com>
Subject Logging bad methods and URIs
Date Sat, 19 Apr 1997 21:23:32 GMT
Talking of missing log messages, Apache also returns an error but doesn't
log anything if the method or URI is invalid. For example, the following
do not show up in error_log:

   PUT ../poor/cracking/attempt HTTP/1.0
   SAFE-POST /new-method-apache-doesnt-support HTTP/1.2

This patch logs them all.

//pcs

Index: http_core.c
===================================================================
RCS file: /export/home/cvs/apache/src/http_core.c,v
retrieving revision 1.77
diff -c -r1.77 http_core.c
*** http_core.c	1997/04/12 04:24:56	1.77
--- http_core.c	1997/04/19 21:07:13
***************
*** 1265,1271 ****
      core_server_config *conf = get_module_config (sconf, &core_module);
    
      if (r->proxyreq) return HTTP_FORBIDDEN;
!     if ((r->uri[0] != '/') && strcmp(r->uri, "*")) return BAD_REQUEST;
      
      if (r->server->path &&
  	!strncmp(r->uri, r->server->path, r->server->pathlen) &&
--- 1265,1274 ----
      core_server_config *conf = get_module_config (sconf, &core_module);
    
      if (r->proxyreq) return HTTP_FORBIDDEN;
!     if ((r->uri[0] != '/') && strcmp(r->uri, "*")) {
! 	log_printf(r->server, "Invalid URI in request %s", r->the_request);
! 	return BAD_REQUEST;
!     }
      
      if (r->server->path &&
  	!strncmp(r->uri, r->server->path, r->server->pathlen) &&
***************
*** 1301,1307 ****
      r->allowed |= (1 << M_TRACE);
      r->allowed |= (1 << M_OPTIONS);
  
!     if (r->method_number == M_INVALID) return NOT_IMPLEMENTED;
      if (r->method_number == M_OPTIONS) return send_http_options(r);
      if (r->method_number == M_PUT) return METHOD_NOT_ALLOWED;
  
--- 1304,1313 ----
      r->allowed |= (1 << M_TRACE);
      r->allowed |= (1 << M_OPTIONS);
  
!     if (r->method_number == M_INVALID) {
! 	log_printf(r->server, "Invalid method in request %s", r->the_request);
! 	return NOT_IMPLEMENTED;
!     }
      if (r->method_number == M_OPTIONS) return send_http_options(r);
      if (r->method_number == M_PUT) return METHOD_NOT_ALLOWED;
  



Mime
View raw message