httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Malo>
Subject Re: [Patch] Be more selective on includes
Date Fri, 22 Nov 2002 00:34:38 GMT
* Thom May wrote:

> * André Malo ( wrote :
>> * Thom May wrote:
>>> This is in response to a debian bug request; basically it just tightens up
>>> the list of allowed characters, so we don't include .dotfiles and backups
>>> etc.
>>> Thoughts?
>> hmm. I don't like it. The most can easily be done with normal wildcard
>> matching. If your patch is applied and I have filenames (already), that
>> don't match the hardcoded (!) rules, I'm lost.
> OK, so Justin and I were just discussing this in the bar at apachecon, and
> I explained the use-case I was interested in, and why I wanted this patch:
> We have a directory tree containing vhosts:
> /etc/apache2/sites-enabled
> this contains file in this form:
> ...

ah ok, understand.
A workaround would be:

/etc/apache2/vhosts/ contains the config files and
/etc/apache2/sites-enabled/ contains (sym-)links to the enabled ones.

to be very safe, one can name the symlinks *.conf or similar and use 
wildcards to include them.

> So, I guess the second proposal would be to keep the behaviour my patch
> proposes, but add a SafeInclude on/off directive (defaulting to Off) to
> define whether you want the behaviour or not.

A Feature that can't be disabled is a bug ;-)
Seriously, I would like that - if configurable - but would then be +1 for 
defaulting to *On*, so the User can loosen the rules, if he's able to find 
the directive in the docs...

Another alternative would be a directive similar to the mod_autoindex 
IndexIgnore (e.g. IncludeIgnore). I think, that would be the most flexible 
way to handle the problem. (Proposed priority handling: IncludeIgnore 
overrides Include wildcards and directory includes, but *not* wildcard-free 

"Die Untergeschosse der Sempergalerie bleiben währenddessen aus
 statistischen Gründen geflutet." -- Spiegel Online

View raw message