httpd-dev mailing list archives

From Paul Querna <c...@force-elite.com>
Subject Re: internal dummy connection again
Date Mon, 05 Mar 2007 19:57:05 GMT
Karl Chen wrote:
....
> Would it be possible to connect to a non-SSL port, if possible, so
> at least the string "internal dummy connection" shows up?
> 
> Even better would be to not show that string at all.  When I
> connect to httpd and close the connection without sending
> anything,

Not sending anything will not pop you out of an accept() on *BSD where
an HTTP accept filter is active:
http://www.freebsd.org/cgi/man.cgi?query=accf_http

This is the only way to make it work on all platforms.  The preferred
fix is of course to not need it at all.  But that has other difficulties
with the current listener model.

One solution is to look at supporting SSL in the loopback hack client,
just so things get logged correctly.

> I don't get any log entries.  Would that work for
> dummy_connection() also?  If that won't work, would it be possible
> to arrange something like: a receipt of "NOOP\r\n" on
> (ip6-)?localhost:* is ignored without logging (unless configured
> otherwise).
> 

Well, we can't just ignore them, since then an attacker could use them,
and the default config wouldn't log them. (Yes, Ugh).

So, this is all in bugzilla already:
http://issues.apache.org/bugzilla/show_bug.cgi?id=39653
http://issues.apache.org/bugzilla/show_bug.cgi?id=41191

-Paul
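
The point above about not silently ignoring these requests also applies to log filtering. This is an added example, not code from the thread or from httpd: it drops dummy-connection entries from an access log only when the peer address is loopback, and flags remote requests that carry the same marker. It assumes the combined log format and that the marker string appears in the User-Agent field; the function names and sample lines are constructed.

```python
import ipaddress
import re

# Assumed Apache "combined" format: host ident user [time] "request" status bytes "referer" "agent"
COMBINED = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<agent>[^"]*)"$'
)
MARKER = "internal dummy connection"  # string named in the thread


def classify(line):
    """Return 'dummy', 'spoofed', 'normal' or 'unparsed' for one log line."""
    m = COMBINED.match(line.strip())
    if m is None:
        return "unparsed"
    if MARKER not in m.group("agent"):
        return "normal"
    try:
        loopback = ipaddress.ip_address(m.group("host")).is_loopback
    except ValueError:
        loopback = False  # hostname or garbage in the host field: do not trust it
    return "dummy" if loopback else "spoofed"


def filter_log(lines):
    """Drop loopback dummy wake-ups, keep everything else, list spoofed markers."""
    kept, spoofed = [], []
    for line in lines:
        verdict = classify(line)
        if verdict == "dummy":
            continue
        kept.append(line)
        if verdict == "spoofed":
            spoofed.append(line)
    return kept, spoofed


# Constructed sample lines (not taken from the thread).
SAMPLE = [
    '::1 - - [05/Mar/2007:19:57:05 +0000] "GET / HTTP/1.0" 200 44 "-" "Apache (internal dummy connection)"',
    '127.0.0.1 - - [05/Mar/2007:19:57:06 +0000] "GET / HTTP/1.0" 200 44 "-" "Apache (internal dummy connection)"',
    '203.0.113.7 - - [05/Mar/2007:19:57:07 +0000] "GET /admin HTTP/1.0" 403 199 "-" "Apache (internal dummy connection)"',
    '198.51.100.4 - - [05/Mar/2007:19:57:08 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    kept, spoofed = filter_log(SAMPLE)
    print(len(kept), "kept;", len(spoofed), "with a spoofed marker")
```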
