tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Konstantin Preißer <verlag.preis...@t-online.de>
Subject Some questions about Tomcat ISAPI Connector and its documentation
Date Sat, 10 Mar 2012 21:51:21 GMT
Hi all,

I have some questions about the documentation of the ISAPI Connector 1.2.32 (and about the
connector itself).


1. In the Reference Guide for IIS (http://tomcat.apache.org/connectors-doc/reference/iis.html),
the registry options are listed. For the option "enable_chunked_encoding" which controls if
chunked encoding is used, there is the note:

"This option is considered experimental and its support must be compile time enabled. Use
isapi_redirect.dll with chunked support enabled."

Is enabling chunked encoding still considered experimental? I'm using it since one year or
so on IIS 7 and never encountered any problems with it (besides one or two bugs which I reported
and got fixed). Also, I'm not sure if the phrase "its support must be compile time enabled"
currently still applies, as it seems that the binaries are always compiled with support for
chunked encoding since 1.2.30 or so.


I would consider chunked encoding support as a requirement for optimal performance, because
without supporting it, each time a response is sent to a client without knowing the Content-Length
in advance, the TCP connection has to be closed (and re-opened when another request should
be performed), which is why I always enable chunked encoding in the ISAPI connector.

If there are no problems with the chunked encoding reported, maybe the docs could be changed
to remove the "experimental" note? Maybe even the default value for  "enable_chunked_encoding"
in the connector itself could be changed from "false" to "true"? 


2. I observed that when a request is made to IIS which is mapped to Tomcat, and the request
path contains the string "WEB-INF", like
http://www.example.com/test/asdf/blahblah/blah/WEB-INF/blahbla/asdf
then the ISAPI connector logs a statement like this:

[Sat Mar 10 22:34:58.030 2012] [11744:10792] [emerg] handle_notify_event::jk_isapi_plugin.c
(1997): [/test/asdf/blahblah/blah/WEB-INF/blahbla/asdf] points to the web-inf or meta-inf
directory. Somebody tries to hack into the site!!!

If I remember correctly, in some earlier versions of the ISAPI connector (or IIS), in such
cases the TCP connection from IIS to the client would also be closed without any reply; however,
in the current version, a 404 reply is sent from the ISAPI connector.

I'm wondering why the ISAPI redirector checks if "WEB-INF" is occurring in the path, because
Tomcat seems to already check if a request is made to the WEB-INF or META-INF directory of
an web application, and if so, sends back a normal 404 response. Is this a kind of relict
from earlier times? Because I would expect that the ISAPI redirector just passes the request
to Tomcat and let Tomcat decide how requests to forbidden directories are handled, without
writing an "emergency" log entry. 


Thanks!

Regards,
Konstantin Preißer


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message