httpd-test-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rodent of Unusual Size <Ken.C...@Golux.Com>
Subject Re: [franklin_tech_bulletins@yahoo.com: IBM AS/400 HTTP Server '/' attack]
Date Fri, 09 Nov 2001 20:08:28 GMT
"William A. Rowe, Jr." wrote:
> 
> Yes, and no.
> 
> Since the default handler doesn't glom onto trailing path_info,
> it doesn't get handled.  All 1.3 pages I tested _without_ SSI's
> enabled returned 404.

Irrelevant.  It is perfectly possible and acceptable to submit
path-info to a resource that cannot handle it (e.g., a text/plain
file).  If we return 404 for that, we are broken -- period.

> > Code for a 200 return, and a response body that matches the
> > document's correctly-rendered (as opposed to raw) content.
> 
> That would be a good convention, against an SSI page.

No, it is the correct answer, not a convention.

> The real issue is ending up with hundreds of robot hits (or goofy
> caching state) against a site with an infinite number of pages...

No, that is not the real issue.  The real issue is that we
are lying when we say 'not found'.  The robot hits issue is
separate and something of which to be aware and for which to
plan, but it does *not* dictate the correct behaviour of
the server.
-- 
#ken	P-)}

Ken Coar, Sanagendamgagwedweinini  http://Golux.Com/coar/
Author, developer, opinionist      http://Apache-Server.Com/

"All right everyone!  Step away from the glowing hamburger!"

Mime
View raw message