httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Roy T. Fielding" <field...@kiwi.ics.uci.edu>
Subject Re: Problem with <Directory proxy:*> and ap_os_canonical_filename()
Date Tue, 26 Jan 1999 23:14:35 GMT
>When using a <Directory proxy:*> block to control access to the proxy,
>"proxy:*" is passed to ap_os_canonical_filename(). My OS/2 implementation of
>that function barfs on that (it's not a valid file name).
>
>So where should this special case be caught?

I'd guess it should be caught before doing any filename checks.

>On a related note I think ap_os_canonical_filename() needs to be able to
>return a failure status for when it's given a bogus file name. I can
>currently bomb out a server process in OS/2 by sending it
>
>GET /a>b.html HTTP/1.0
>
>This triggers the ap_assert(rc==0) in OS/2's ap_os_canonical_filename() due
>to the '>'. I guess the correct behaviour would be to return "400 Bad
>Request".

Or 403 Forbidden -- either would be reasonable.

....Roy

Mime
View raw message