httpd-dev mailing list archives

From Aaron Bannert <aa...@clove.org>
Subject Re: UseCanonicalName considered harmful
Date Wed, 06 Feb 2002 16:18:26 GMT
On Wed, Feb 06, 2002 at 11:15:36AM -0500, Rodent of Unusual Size wrote:
> Ryan Bloom wrote:
> > 
> > > ServerName MyServer.Com
> > > Listen 10000
> > > Listen 20000
> > >   Canonical name should be: MyServer.Com:<port-used-by-the-request>
> > 
> > I agree with all of them up through this last one.  It's not that I
> > disagree with this, just that I'd be perfectly happy if the Canonical
> > name used 10000 or 20000 regardless of which port the request came in
> > on.
> 
> But if both are equally acceptable, I think we definitely need
> to err on the side of using the port the original request did.
> Consider the case of that port being explicitly punched through
> a firewall; by redirecting to a different port even though the
> original was valid, we may end up replying with a redirect the
> client can't reach.

It works both ways though (what if the external port maps to a different
internal port), and in the end I think second-guessing the admin will
get us into trouble. Perhaps we should require the ServerName to have
a port when there are multiple Listen statements?

-aaron

p.s. I've encountered this exact misconfiguration before, and of course
it is made worse by the fact that it seems like it is working at first,
until someone hits a directory URL without the trailing slash...*sigh*
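
Added example, not part of the message above and not Apache's code: a simplified Python model of the trailing-slash redirect under the three port choices discussed in the thread, checked against the two firewall cases raised (a port punched straight through, and an external port mapped to a different internal port). The policy names, the `/docs` path, the external port 8080 and the firewall tables are constructed for illustration.

```python
# Simplified model of the redirect a server sends for a directory URL that
# lacks its trailing slash. Illustration only; not Apache's implementation.
LISTEN = (10000, 20000)            # the two Listen ports from the thread
SERVER_NAME = "MyServer.Com"

def redirect_port(policy, arrival_port, servername_port=None):
    """Pick the port for the self-referential URL under one policy."""
    if policy == "request-port":       # port the request came in on
        return arrival_port
    if policy == "first-listen":       # fixed Listen port, ignoring the request
        return LISTEN[0]
    if policy == "servername-port":    # admin wrote the port into ServerName
        if servername_port is None:
            raise ValueError("ServerName carries no port")
        return servername_port
    raise ValueError(f"unknown policy: {policy}")

def location(path, port):
    """Build the Location value that appends the missing slash."""
    return f"http://{SERVER_NAME}:{port}{path}/"

def client_can_follow(port, firewall):
    """firewall maps external port -> internal port (constructed data)."""
    return port in firewall

def evaluate(firewall, external_port, servername_port=None):
    """For a request to /docs via external_port, report each policy's outcome."""
    arrival = firewall[external_port]  # the port the server itself sees
    results = {}
    for policy in ("request-port", "first-listen", "servername-port"):
        try:
            port = redirect_port(policy, arrival, servername_port)
        except ValueError:
            results[policy] = (None, False)   # policy not usable as configured
            continue
        results[policy] = (location("/docs", port), client_can_follow(port, firewall))
    return results

PUNCHED = {20000: 20000}   # case 1: only 20000 is open, passed through unchanged
MAPPED = {8080: 20000}     # case 2: external 8080 forwarded to internal 20000

if __name__ == "__main__":
    for name, fw, ext, sn in (("punched", PUNCHED, 20000, None),
                              ("mapped", MAPPED, 8080, 8080)):
        for policy, (url, ok) in evaluate(fw, ext, sn).items():
            print(f"{name:8} {policy:16} {url} reachable={ok}")
```

In the punched-through case only the request's own port yields a redirect the client can follow; in the mapped case only a port stated by the administrator does, which is the situation the suggestion about requiring a port in ServerName addresses.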

