httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Greg Stein <gst...@lyra.org>
Subject [PATCH] fear the hack!
Date Fri, 17 Sep 1999 11:11:44 GMT
Hey all,

I have been working on setting up a new server and wanted to move from
IP-based vhosts to Name-based vhosts (I'm a bit more restricted on IPs
at my new location). Well... I ran into a difficulty with the handling
of old browsers that don't support the Host: header.

Let's say that a client hits your server and it gets handled by the
"default Named vhost" since no Host header was present. The Apache docs
have some nifty things to rewrite the URL and do various oddball things
to try and get the request to the correct location. Not too bad, but the
URL munging happens *way* too late. Specifically, r->server never gets
updated, many of the phases have already been run, etc. It seems that it
would only work for Named vhosts that are completely static pages.

My solution was to introduce a new (core) server-level directive that I
called CompatMunging (a boolean). When this is enabled, Apache looks for
a URL of the form:

  http://unknownhost/redir/host.name/path

and (internally) rewrites this to make Apache believe that it received:

  http://host.name/path

This was done in the ap_parse_uri() function, which is called right at
the point that Apache is processing the initial request line. i.e.
*very* early.

As a result, Apache chugs along merrily believing that it received a
"proper" request. All of the various modules, handlers, etc are
processed normally.

The big gotcha, of course, is in the vhosts' web pages. If a page has a
reference such as:

  <a href="/somedir/somepage.html">

this will choke since the /redir/ thing gets left off. No big deal for
me... the web pages can simply be updated to use as many relative
references as possible. Also, we're talking about *support* rather than
the cleanest solution possible. This means people can at least support
vhosting and old browsers, if a bit painful at times.

The last part was creating an error document that comes up when a person
does a request without the /redir/. The error document is a
server-parsed doc which presents a list of options for the browser. The
user can then click the right one, and the /redir/ is properly inserted.

My test config looks something like this:

NameVirtualHost ww.xx.yy.zz

<virtualhost ww.xx.yy.zz>
  CompatMunging On
  ServerName compat.lyra.org
  DocumentRoot /home/gstein/compat

  <Directory />
    AllowOverride None
    Options IncludesNoExec
  </Directory>

  ErrorDocument 404 /err404.shtml

  AddType text/html .shtml
  AddHandler server-parsed .shtml
</virtualhost>

<virtualhost ww.xx.yy.zz>
  ServerName test.lyra.org
  DocumentRoot /home/gstein/public_html
</virtualhost>

I've attached the err404.shtml sample and the patch to Apache. This
applies to 1.3.10-dev, sync'd at some point; it shouldn't have any
problem applying.

Anyhow... this patch isn't so much for immediate inclusion into Apache,
but I'd like people's thoughts on this topic. Is it worthwhile for us to
"really" solve this problem? Any big problems people see with this
approach?

thx!
-g

--
Greg Stein, http://www.lyra.org/

Mime
View raw message