You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Ruediger Pluem <rp...@apache.org> on 2011/12/21 13:57:59 UTC
Re: svn commit: r1221668 - in /httpd/httpd/trunk: CHANGES NWGNUmakefile
build/installwinconf.awk configure.in docs/conf/extra/httpd-policy.conf.in
docs/conf/httpd.conf.in modules/test/config.m4 modules/test/mod_policy.c
minfrin@apache.org wrote:
> Author: minfrin
> Date: Wed Dec 21 10:42:34 2011
> New Revision: 1221668
>
> URL: http://svn.apache.org/viewvc?rev=1221668&view=rev
> Log:
> mod_policy: Add a new testing module to help server administrators
> enforce a configurable level of protocol compliance on their
> servers and application servers behind theirs.
>
> Added:
> httpd/httpd/trunk/docs/conf/extra/httpd-policy.conf.in
> httpd/httpd/trunk/modules/test/mod_policy.c
> Modified:
> httpd/httpd/trunk/CHANGES
> httpd/httpd/trunk/NWGNUmakefile
> httpd/httpd/trunk/build/installwinconf.awk
> httpd/httpd/trunk/configure.in
> httpd/httpd/trunk/docs/conf/httpd.conf.in
> httpd/httpd/trunk/modules/test/config.m4
>
> URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/test/mod_policy.c?rev=1221668&view=auto
> ==============================================================================
> --- httpd/httpd/trunk/modules/test/mod_policy.c (added)
> +++ httpd/httpd/trunk/modules/test/mod_policy.c Wed Dec 21 10:42:34 2011
> +
> +static void handle_policy(request_rec *r, policy_result result,
> + const char *message, const char *url, apr_bucket_brigade *bb,
> + int status)
> +{
> + apr_bucket *e;
> +
> + switch (result) {
> + case policy_log: {
> + ap_log_rerror(
> + APLOG_MARK,
> + APLOG_WARNING,
> + 0,
> + r,
> + "mod_policy: violation: %s, uri: %s",
> + message, r->uri);
> + apr_table_addn(r->headers_out, "Warning", apr_psprintf(r->pool,
> + "299 %s \"%s\"", ap_get_server_name(r), message));
What is this 299 about?
> + break;
> + }
> + case policy_enforce: {
> +
> + ap_log_rerror(
> + APLOG_MARK,
> + APLOG_ERR,
> + 0,
> + r,
> + "mod_policy: violation, rejecting request: %s, uri: %s",
> + message, r->uri);
> + apr_table_addn(r->err_headers_out, "Warning", apr_psprintf(r->pool,
> + "299 %s \"Rejected: %s\"", ap_get_server_name(r), message));
See above
> + apr_table_setn(
> + r->notes, "error-notes",
> + apr_pstrcat(r->pool, url ? apr_pstrcat(r->pool, "<a href=\"",
> + url, "\">", NULL) : "", message, url ? "</a>" : "",
> + NULL));
> +
> + apr_brigade_cleanup(bb);
> + e = ap_bucket_error_create(status, NULL, r->pool,
> + r->connection->bucket_alloc);
> + APR_BRIGADE_INSERT_TAIL(bb, e);
> + e = apr_bucket_eos_create(r->connection->bucket_alloc);
> + APR_BRIGADE_INSERT_TAIL(bb, e);
> +
> + }
> + case policy_ignore: {
> + }
> + }
> +
Regards
RĂ¼diger
Re: svn commit: r1221668 - in /httpd/httpd/trunk: CHANGES NWGNUmakefile build/installwinconf.awk configure.in docs/conf/extra/httpd-policy.conf.in docs/conf/httpd.conf.in modules/test/config.m4 modules/test/mod_policy.c
Posted by Graham Leggett <mi...@sharp.fm>.
On 21 Dec 2011, at 5:48 PM, Ruediger Pluem wrote:
> Ahh. Thanks for the pointer. Missed that it got set as a Warning header. I thought
> that this string got logged :-). Hence my confusion.
> Anyway shouldn't we #define 299 to a selfspeaking name like other HTTP codes such that
> this is recognized faster by the code reader?
We currently don't (mod_cache being the biggest place we use warnings), but you're right, we should.
Ideally I'd like an API to set and test for warning codes, something like:
AP_DECLARE(void) ap_set_warning(request_rec *r, int code, const char *message);
AP_DECLARE(int) ap_is_warning(request_rec *r, int code);
Regards,
Graham
--
Re: svn commit: r1221668 - in /httpd/httpd/trunk: CHANGES NWGNUmakefile
build/installwinconf.awk configure.in docs/conf/extra/httpd-policy.conf.in
docs/conf/httpd.conf.in modules/test/config.m4 modules/test/mod_policy.c
Posted by Ruediger Pluem <rp...@apache.org>.
Graham Leggett wrote:
> On 21 Dec 2011, at 2:57 PM, Ruediger Pluem wrote:
>
>>> + apr_table_addn(r->headers_out, "Warning", apr_psprintf(r->pool,
>>> + "299 %s \"%s\"", ap_get_server_name(r), message));
>>
>> What is this 299 about?
>
> It's described in RFC2616:
>
> http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.46
Ahh. Thanks for the pointer. Missed that it got set as a Warning header. I thought
that this string got logged :-). Hence my confusion.
Anyway shouldn't we #define 299 to a selfspeaking name like other HTTP codes such that
this is recognized faster by the code reader?
Regards
RĂ¼diger
Re: svn commit: r1221668 - in /httpd/httpd/trunk: CHANGES NWGNUmakefile build/installwinconf.awk configure.in docs/conf/extra/httpd-policy.conf.in docs/conf/httpd.conf.in modules/test/config.m4 modules/test/mod_policy.c
Posted by Graham Leggett <mi...@sharp.fm>.
On 21 Dec 2011, at 2:57 PM, Ruediger Pluem wrote:
>> + apr_table_addn(r->headers_out, "Warning", apr_psprintf(r->pool,
>> + "299 %s \"%s\"", ap_get_server_name(r), message));
>
> What is this 299 about?
It's described in RFC2616:
http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.46
Regards,
Graham
--