httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Greg Ames <grega...@remulak.net>
Subject Re: infinite recursive subrequests
Date Fri, 05 Oct 2001 16:41:26 GMT
Greg Ames wrote:
> 
> ...well, at least until my ulimit of 1024 open file descriptors kicks
> in.
> 
> setup: DocumentRoot contains /index.html, mod_negotiation is built in,
> Options MultiViews is coded in the config file.  Directory
> <doc_root>/index/ does not exist.
> 
> URI: /index/garbage/trash (the /trash on the end is probably irrelevant)

> It seems like this code is confused about what the base part of the
> desired pathname is, and uses only the part that exists (doc_root) in
> the code that opens the directory.  This is wrong.  Since neg->dir_name
> isn't the same as the desired pathname up to the last slash, some code
> must have already detected a problem, but didn't kill the request.  Or
> shouldn't the request die in directory_walk?

uggggh, I'm afraid this situation is not as straight forward as I
thought when I wrote that.

When I set up my ThinkPad to replicate the apache.org website, I decided
to ignore the bug database at first.  So I simply commented out the
bugs.apache.org VirtualHost definitions in my config file, and expect to
get errors for the bugs db URLs.  The latest chuck of daedalus's
production log I'm using for replay testing had a GET for
http://bugs.apache.org/index/full/3807 .  When the vhost lookup fails on
my TP, we set r->hostname to dev.apache.org, which is the first vhost. 
(seems odd, but that's a different issue.)  In dev.apache.org's
doc_root, the only thing that matches index* is index.html , and I get
the subrequest recursion problem.

But on daedalus, /www/bugs.apache.org/ contains index.cgi .  /index from
the URI matches the index.cgi file, and the rest of the URI seems to be
used as parms for the cgi.  Therefore knowing where the last slash is in
the URI is insufficient to determine what's a directory and what's not,
and the fuzzy search for index* in doc_root is necessary to locate a
potential cgi.

I suppose I could come up with a patch for mod_negotiation to abort the
request if it's about to run a subrequest which will be identical to the
current request.  But that feels like an incomplete Band-Aid.  If I had
both index.html and index.cgi in doc_root (eewww! gross!!  maybe this
should just be banned), it seems like the .cgi could be a legitimate
match if it maps to an actual cgi, but the .html could not if it is
simply a static file.  Therefore, it should be OK to run one
non-recursive subrequest for index.html, and learn that is just an
ordinary file which cannot match the original URI, then try index.cgi
assuming it exists in the directory.

Since this is so messy, I'd like to see what happens with 2.0.24 to see
if this is recent breakage.

Greg

Mime
View raw message