httpd-dev mailing list archives

From Aaron Bannert <>
Subject Re: UseCanonicalName considered harmful
Date Wed, 06 Feb 2002 16:18:26 GMT
On Wed, Feb 06, 2002 at 11:15:36AM -0500, Rodent of Unusual Size wrote:
> Ryan Bloom wrote:
> > 
> > > ServerName MyServer.Com
> > > Listen 10000
> > > Listen 20000
> > >   Canonical name should be: MyServer.Com:<port-used-by-the-request>
> > 
> > I agree with all of them up through this last one.  It's not that I
> > disagree with this, just that I'd be perfectly happy if the Canonical
> > name used 10000 or 20000 regardless of which port the request came in
> > on.
> But if both are equally acceptable, I think we definitely need
> to err on the side of using the port the original request did.
> Consider the case of that port being explicitly punched through
> a firewall; by redirecting to a different port even though the
> original was valid, we may end up replying with a redirect the
> client can't reach.

It works both ways though (what if the external port maps to a different
internal port), and in the end I think second guessing the admin will
get us into trouble. Perhaps we should require the ServerName to have
a port when there are multiple Listen statements?


p.s. I've encountered this exact misconfiguration before, and of course
it is made worse by the fact that it seems like it is working at first,
until someone hits a directory url without the trailing slash...*sigh*
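
The two firewall cases argued in this thread, as an added example that is not part of the original message and is not httpd code. It models only how the port in a trailing-slash redirect could be chosen; the function names, policy names, the `/docs` path and the port maps are constructed assumptions.

```python
from urllib.parse import urlsplit

SERVER_NAME = "MyServer.Com"  # ServerName from the quoted configuration


def trailing_slash_redirect(path, policy, local_port, configured_port=None):
    """Location sent when a directory is requested without its trailing slash.

    policy "request-port":    use the port the request arrived on (server side).
    policy "configured-port": use a port the admin wrote into ServerName.
    """
    if policy == "request-port":
        port = local_port
    elif policy == "configured-port":
        if configured_port is None:
            raise ValueError("ServerName carries no port to use")
        port = configured_port
    else:
        raise ValueError(f"unknown policy: {policy}")
    netloc = SERVER_NAME if port == 80 else f"{SERVER_NAME}:{port}"
    return f"http://{netloc}{path}/"


def client_can_follow(location, port_map):
    """True if the redirect's port is one the firewall exposes to clients."""
    port = urlsplit(location).port or 80
    return port in port_map


def simulate(external_port, port_map, policy, configured_port=None):
    """port_map maps firewall-facing ports to the ports the server listens on."""
    local_port = port_map[external_port]  # what the server sees
    location = trailing_slash_redirect("/docs", policy, local_port, configured_port)
    return location, client_can_follow(location, port_map)


# Constructed firewall layouts.
PUNCHED_THROUGH = {20000: 20000}  # only 20000 is opened, unchanged
REMAPPED = {80: 10000}            # external 80 forwarded to internal 10000

if __name__ == "__main__":
    for name, ext, fw, policy, cfg in [
        ("punched, request port", 20000, PUNCHED_THROUGH, "request-port", None),
        ("punched, fixed 10000", 20000, PUNCHED_THROUGH, "configured-port", 10000),
        ("remapped, request port", 80, REMAPPED, "request-port", None),
        ("remapped, ServerName :80", 80, REMAPPED, "configured-port", 80),
    ]:
        location, ok = simulate(ext, fw, policy, cfg)
        print(f"{name:26} {location:34} reachable={ok}")
```

Neither policy is reachable in both layouts unless the port the admin configures matches what the firewall exposes.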
