httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Randy Terbush <ra...@Covalent.NET>
Subject Re: [PATCH] fix absoluteURI support and other things
Date Fri, 27 Feb 1998 13:39:32 GMT
This looks like a significant improvement Dean. I'll try to do some
real testing on this in the next 24 hours.

Dean Gaudet <dgaudet@arctic.org> writes:
> [This patch will include a mmn bump when committed.]
> 
> Presently apache 1.2 and 1.3 don't handle absoluteURIs in the same manner
> that they handle name or ip virtual hosts.  There is code duplication
> (with bugs), and there is a mixture of proxy specific code in the core. In
> particular the check_fulluri() function is wrong, and contains a DoS
> attack.
> 
> If you ignore absoluteURIs our configuration language takes the approach
> that no run-time DNS should be necessary.  This is a good approach... and
> so I'm extending it to absoluteURIs as well.  We now treat an absoluteURI
> that is not a proxy request as equivalent to a "Host:" header with the
> same contents.
> 
> To do this a few changes were made to request_rec.  r->hostlen was removed
> -- it was replaced by r->absolute_uri which is the functionality that is
> really needed.  r->absolute_uri is the complete, unmodified absoluteURI
> from the request if one was present; it is NULL otherwise.  We need the
> unmodified uri for proxying and we had kludges elsewhere to protect r->uri
> if r->proxyreq was set.  Adding r->absolute_uri removes those kludges.
> 
> That lets us delay setting r->proxyreq until the translate_names phase. 
> Which is when a proxy gets its hands on the request and declares if the
> request is actually a proxy request or not. 
> 
> While hacking on this I fixed a bunch of other related things.  In
> particular I added matches_request_vhost() which is used to remove code
> from mod_rewrite which did vhost matching (including another DoS because
> it would use DNS).  I merged in a memory/time saving patch for ServerAlias
> from Chia-liang Kao.  I made a few small tweaks to http_vhost.c.
> 
> I may have to tweak TRACE a bit more before I commit, but the rest of this
> I'm solid with.  It passes the newly enhanced vhost test suite.  The proxy
> still seems to work, and mod_rewrite seems to still work where I had to
> tweak it.
> 
> I don't know why someone would want to... but with this patch you can
> run a proxy inside a name-virtual host.  I'm not kidding.  I don't think
> we want to advertise that as a supported configuration...
> 
> I mentioned that I doing this work a few times in the past few weeks... I
> hope folks like the way I did it.  I'm closer to thinking that vhosts
> are done done done for good ;)
> 
> Dean
> 

Mime
View raw message