Return-Path: 
 <dev-return-36449-apmail-httpd-dev-archive=httpd.apache.org@httpd.apache.org>
Delivered-To: apmail-httpd-dev-archive@httpd.apache.org
Received: (qmail 65253 invoked by uid 500); 27 Feb 2003 17:19:25 -0000
Mailing-List: contact dev-help@httpd.apache.org; run by ezmlm
Precedence: bulk
Reply-To: dev@httpd.apache.org
list-help: <mailto:dev-help@httpd.apache.org>
list-unsubscribe: <mailto:dev-unsubscribe@httpd.apache.org>
list-post: <mailto:dev@httpd.apache.org>
Delivered-To: mailing list dev@httpd.apache.org
Received: (qmail 65178 invoked from network); 27 Feb 2003 17:19:24 -0000
From: =?ISO-8859-1?Q?Andr=E9?= Malo <nd@perlig.de>
Subject: Re: PR 17462: let mod_rewrite hard limit its internal redirects
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
Organization: TIMTOWTDI
References: <n2m-g.1m96ynql2kxm3ndparker@news.perlig.de>
 <n2m-g.1m96ynql2kxm3ndparker@news.perlig.de>
 <20030227153057.GA26998@toftum.dk>
Date: Thu, 27 Feb 2003 18:17:57 +0100
To: dev@httpd.apache.org
Message-ID: <n2m-g.11bilad3jl3oondparker@news.perlig.de>
User-Agent: Yes!
X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N

* Mads Toftum wrote:

> On Thu, Feb 27, 2003 at 03:07:31PM +0100, Andr=E9 Malo wrote:
>> RewriteOptions MaxRedirects=3Dx
>>
>> where x defaults to 10 or so.
>> mod_rewrite could store that value in r->request_config. If it's exceede=
d,
>> a config error is assumed and an error logged. The response should be 50=
0
>> then.

> Generally I like the idea, but I'm a bit wary about setting a default val=
ue
> other than unlimited because it could break existing configs.

hmm, the idea behind is actually to break the configs (anyway) to prevent=
=20
the server from crashing. 10 internal redirects are already a lot ones. But=
=20
however, we could let it default to, 20, 50 or 100. I don't believe that=20
such a high value would break any config (it's probably already broken then=
=20
...). YMMV. Some more opinions about that point are welcome.

> The other
> thing I'm not quite sure about is how you would make this work for rules
> in .htaccess? (but I may be missing something)

It's actually only interesting for .htaccess files (resp. directory=20
context). Because the rules there are handled in the fixup hook (+=20
redirect-handler) which causes mostly internal redirects. In server context=
=20
the rules are handled in the translate_name hook and don't issue an=20
internal redirect.

So, to be more exact, the implementation would be: mod_rewrite counts every=
=20
time it runs the redirect-handler and after $limit it refuses to run it=20
again with a 500 + errorlog entry.

Breaking existing configs with a limit of, for instance, 10 would mean, you=
=20
have .htaccess(!)-configs that let the server run ten times into a rule=20
that issues an internal redirect to elsewhere. While processing _one_=20
request - wow!

nd
--=20
>kann mir jemand sagen, was genau @-Domains sind?
Ein Mythos. Ein Werbetrick. Verarsche. Nenn es wie du willst...

                 -- Alexandra Buss und Bj=F6rn H=F6hrmann in dciwam