Return-Path: X-Original-To: apmail-httpd-dev-archive@www.apache.org Delivered-To: apmail-httpd-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id D7564D04B for ; Tue, 6 Nov 2012 08:45:19 +0000 (UTC) Received: (qmail 41628 invoked by uid 500); 6 Nov 2012 08:45:19 -0000 Delivered-To: apmail-httpd-dev-archive@httpd.apache.org Received: (qmail 41399 invoked by uid 500); 6 Nov 2012 08:45:18 -0000 Mailing-List: contact dev-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: dev@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list dev@httpd.apache.org Received: (qmail 41363 invoked by uid 99); 6 Nov 2012 08:45:17 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 06 Nov 2012 08:45:17 +0000 X-ASF-Spam-Status: No, hits=-2.3 required=5.0 tests=RCVD_IN_DNSWL_MED,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: local policy) Received: from [188.40.99.202] (HELO eru.sfritsch.de) (188.40.99.202) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 06 Nov 2012 08:45:10 +0000 Received: from stf (helo=localhost) by eru.sfritsch.de with local-esmtp (Exim 4.72) (envelope-from ) id 1TVem8-00063x-2C for dev@httpd.apache.org; Tue, 06 Nov 2012 09:44:48 +0100 Date: Tue, 6 Nov 2012 09:44:48 +0100 (CET) From: Stefan Fritsch X-X-Sender: stf@eru.sfritsch.de To: dev@httpd.apache.org Subject: Re: New module mod_allowhandlers / Controlling script execution In-Reply-To: Message-ID: References: <201204212148.08114.sf@sfritsch.de> User-Agent: Alpine 2.00 (DEB 1167 2008-08-23) MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed X-Virus-Checked: Checked by ClamAV on apache.org Hi, On Sat, 21 Apr 2012, Jeff Trawick wrote: >> there is the problem that if modules like mod_status or >> mod_proxy_balancer are loaded, all people with permissions to create >> .httaccess files can use the status pages by using SetHandler in an >> .htaccess file. > > My 2 cents: > > SetHandler shouldn't be used to enable these because it requires an > unnecessary filesystem walk and only requires a very small amount of > code to implement a flag directive. Having ServerStatus On|Off > anywhere in the configuration would disable the check for r->handler > == "status-handler" (migration). I must admit that I haven't looked into why they use the handler for configuration. But my feeling is that we won't get rid of modules doing it this in the forseeable future. > Is the use of handler by these a feature though, such as needing to > let other modules generate these reports by some mechanism other than > using a subrequest for or redirecting to the location where it is > enabled? I don't know how smooth mod_allowhandler would be for that > anyway. It does the checks at the end of the fixup hook, which seems to work with the setups I could think of. But more testing is needed, of course. > There are other situations where mod_allowhandlers would be helpful, > but I think we could provide a simpler mechanism (flag) for the > several sensitive handlers in bundled modules. I think having it in trunk would be nice to find problems with this approach. Unless someone disagrees, I am going to commit it. Backport to 2.4 can wait until we are sure that it is a good solution. Cheers, Stefan