You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Marc Slemko <ma...@worldgate.com> on 1998/01/13 21:34:17 UTC
yet another possible IE4 HTTP/1.1 bug that I haven't heard about...
---------- Forwarded message ----------
Date: Tue, 13 Jan 1998 13:33:49 -0700 (MST)
From: Marc Slemko <ma...@znep.com>
To: marcs@valis.worldgate.com
Subject: no-chunked content with apache 1.2.4 (Transfert-encoding)
>Path: scanner.worldgate.com!news.maxwell.syr.edu!newsfeed.nacamar.de!univ-lyon1.fr!pasteur.fr!jussieu.fr!news.edf.fr!not-for-mail
>From: bruno pennec <br...@der.edfgdf.fr>
>Newsgroups: comp.infosystems.www.servers.unix
>Subject: Re: no-chunked content with apache 1.2.4 (Transfert-encoding)
>Date: Tue, 13 Jan 1998 17:07:01 +0100
>Organization: EDF-DER
>Lines: 23
>Message-ID: <34...@der.edfgdf.fr>
>References: <34...@der.edfgdf.fr> <69...@scanner.worldgate.com>
>NNTP-Posting-Host: cli53as.der.edf.fr
>Mime-Version: 1.0
>Content-Type: text/plain; charset=us-ascii
>Content-Transfer-Encoding: 7bit
>X-Mailer: Mozilla 4.03 [en] (X11; I; SunOS 5.5.1 sun4u)
>Xref: scanner.worldgate.com comp.infosystems.www.servers.unix:37340
Marc Slemko wrote:
> >I use apache 1.2.4 with some virtual hosts.
>
> >I receive documents from the server as follow :
> > 1. Transfer-encoding set to chunked when it is the result of a CGI
> > 2. No encoding set when it is static document
>
> >what settings must i do in apache configuration to suppress
> >the Transfer-encoding in the first case ?
>
> You don't. Why do you want to? If you are making HTTP/1.1 requests,
> you must be able to handle chunked encoding. It is far more efficient
> in this case because it allows for persistent connections.
>
> If you can't handle chunked encoding, don't make HTTP/1.1 requests.
For automatic proxy configuration (config.pac), IE 4 asks for a HTTP/1.1 request
and seems not understand apache when the response is chunked.
Re: yet another possible IE4 HTTP/1.1 bug that I haven't heard about...
Posted by Dean Gaudet <dg...@arctic.org>.
On Tue, 13 Jan 1998, Marc Slemko wrote:
> I think broken clients will likely cuase more of these in the future, and
> _ is ugly.
We already have to use _ for all the HTTP_ variables in things like
mod_rewrite rules. Not that this is the only place our configuration
"language" is self-contradictory. These sorts of differences make it
really hard for users to know what to use where.
Dean
Re: yet another possible IE4 HTTP/1.1 bug that I haven't heard about...
Posted by Marc Slemko <ma...@worldgate.com>.
On Tue, 13 Jan 1998, Dean Gaudet wrote:
>
>
> On Tue, 13 Jan 1998, Marc Slemko wrote:
>
> > '_' is an ugly thing to use everywhere, there are a number of variables
> > that have to be dealt with, very few people use the variables in the env,
> > and there is precedent for changing - to _ in variable names.
>
> There are exactly two variables that we define. The user can fix their
I think broken clients will likely cuase more of these in the future, and
_ is ugly.
> own definitions if they have any.
How will they know to fix them unless we put special case code in to warn
about them using obsolete settings? I just don't see the harm in munging
it.
>
> Is '.' allowed in environment variables?
bash sez:
name A word consisting only of alphanumeric characters
and underscores, and beginning with an alphabetic
character or an underscore. Also referred to as an
identifier.
[...]
PARAMETERS
A parameter is an entity that stores values, somewhat like
a variable in a conventional programming language. It can
be a name, a number, or one of the special characters
listed below under Special Parameters. For the shell's
purposes, a variable is a parameter denoted by a name.
so in theory we should munge anything else...
It is allowed in the variables, of course, just not the name.
Re: yet another possible IE4 HTTP/1.1 bug that I haven't heard about...
Posted by Dean Gaudet <dg...@arctic.org>.
Nevermind, I'll agree with you guys because I think I've found another
potential security hole. Details and patch in a few.
Dean
On Tue, 13 Jan 1998, Dean Gaudet wrote:
>
>
> On Tue, 13 Jan 1998, Marc Slemko wrote:
>
> > '_' is an ugly thing to use everywhere, there are a number of variables
> > that have to be dealt with, very few people use the variables in the env,
> > and there is precedent for changing - to _ in variable names.
>
> There are exactly two variables that we define. The user can fix their
> own definitions if they have any.
>
> Is '.' allowed in environment variables?
>
> Dean
>
>
Re: yet another possible IE4 HTTP/1.1 bug that I haven't heard about...
Posted by Dean Gaudet <dg...@arctic.org>.
On Tue, 13 Jan 1998, Marc Slemko wrote:
> '_' is an ugly thing to use everywhere, there are a number of variables
> that have to be dealt with, very few people use the variables in the env,
> and there is precedent for changing - to _ in variable names.
There are exactly two variables that we define. The user can fix their
own definitions if they have any.
Is '.' allowed in environment variables?
Dean
Re: yet another possible IE4 HTTP/1.1 bug that I haven't heard about...
Posted by Marc Slemko <ma...@worldgate.com>.
On Tue, 13 Jan 1998, Dean Gaudet wrote:
> Can't we just make a clean change in 1.3 ? People have to touch their
> config files anyhow. I'd rather not kludge it.
I don't see it as a kludge given that it is just an extension of the
"normal" world.
HTTP headers are converted into environment variables, and have -
converted to _. People are very used to that.
All this does is extend that to other
things-which-shalt-be-turned-into-env-variables.
'_' is an ugly thing to use everywhere, there are a number of variables
that have to be dealt with, very few people use the variables in the env,
and there is precedent for changing - to _ in variable names.
>
> Dean
>
> On Tue, 13 Jan 1998, Marc Slemko wrote:
>
> > On Tue, 13 Jan 1998, Dean Gaudet wrote:
> >
> > >
> > >
> > > On Tue, 13 Jan 1998, Marc Slemko wrote:
> > >
> > > > >
> > > > > There's a possibility it's being tickled by the bputc bug that is patched
> > > > > in 1.3 and is still waiting votes in 1.2. (hint!)
> > > >
> > > > Mmm. I'll perhaps look at it the next time I'm dumb enough to boot into
> > > > NT. This is with a CGI that the problem shows up...
> > >
> > > Ah right, no bputc() there. Oh well. The patch is still needed in 1.2
> > > though.
> > >
> > > I guess folks will just have to continue using downgrade-1.0 and crud like
> > > that. BTW we should rename downgrade-1.0 for those lusers that write CGIs
> > > with /bin/sh.
> >
> > I'm not sure we want to go around renaming them all.
> >
> > We could, however, do like we do for HTTP headers and s/-/_/g for the env
> > variables...
> >
> >
>
Re: yet another possible IE4 HTTP/1.1 bug that I haven't heard about...
Posted by Dean Gaudet <dg...@arctic.org>.
Gee what a great use for a veto. To make an issue stagnant for even
longer.
So, for two variables: downgrade-1.0 and force-response-1.0 we kludge the
server with extra code, which is quite easy to get wrong and miss a case
here or there.
Sounds logical to me. (Yes Alexei, this *is* sarcasm.)
I personally like dashes as well, which is why we're in this situation (I
wrote the patch which introduced those). However they have no place in
the environment.
Dean
On Tue, 13 Jan 1998, Alexei Kosut wrote:
> On Tue, 13 Jan 1998, Dean Gaudet wrote:
>
> > Can't we just make a clean change in 1.3 ? People have to touch their
> > config files anyhow. I'd rather not kludge it.
>
> I'd perfer Marc's fix, regardless of anything else. Any valid Apache
> environment variable name should be able to be passed through /bin/sh
> somehow without problems. So either we add code to reject a dash
> everywhere (which is impossible, btw, without changing each individual
> module - unless table_set() is changed somehow, which is a bad idea), or
> we just change - into _ when creating a script environment.
>
> -1 on any solution that doesn't address this issue (that includes yours,
> Dean)
>
> (Because personally, I really like dashes)
>
> -- Alexei Kosut <ak...@stanford.edu> <http://www.stanford.edu/~akosut/>
> Stanford University, Class of 2001 * Apache <http://www.apache.org> *
>
>
>
Re: yet another possible IE4 HTTP/1.1 bug that I haven't heard about...
Posted by Alexei Kosut <ak...@leland.Stanford.EDU>.
On Tue, 13 Jan 1998, Dean Gaudet wrote:
> Can't we just make a clean change in 1.3 ? People have to touch their
> config files anyhow. I'd rather not kludge it.
I'd perfer Marc's fix, regardless of anything else. Any valid Apache
environment variable name should be able to be passed through /bin/sh
somehow without problems. So either we add code to reject a dash
everywhere (which is impossible, btw, without changing each individual
module - unless table_set() is changed somehow, which is a bad idea), or
we just change - into _ when creating a script environment.
-1 on any solution that doesn't address this issue (that includes yours,
Dean)
(Because personally, I really like dashes)
-- Alexei Kosut <ak...@stanford.edu> <http://www.stanford.edu/~akosut/>
Stanford University, Class of 2001 * Apache <http://www.apache.org> *
Re: yet another possible IE4 HTTP/1.1 bug that I haven't heard about...
Posted by Dean Gaudet <dg...@arctic.org>.
Can't we just make a clean change in 1.3 ? People have to touch their
config files anyhow. I'd rather not kludge it.
Dean
On Tue, 13 Jan 1998, Marc Slemko wrote:
> On Tue, 13 Jan 1998, Dean Gaudet wrote:
>
> >
> >
> > On Tue, 13 Jan 1998, Marc Slemko wrote:
> >
> > > >
> > > > There's a possibility it's being tickled by the bputc bug that is patched
> > > > in 1.3 and is still waiting votes in 1.2. (hint!)
> > >
> > > Mmm. I'll perhaps look at it the next time I'm dumb enough to boot into
> > > NT. This is with a CGI that the problem shows up...
> >
> > Ah right, no bputc() there. Oh well. The patch is still needed in 1.2
> > though.
> >
> > I guess folks will just have to continue using downgrade-1.0 and crud like
> > that. BTW we should rename downgrade-1.0 for those lusers that write CGIs
> > with /bin/sh.
>
> I'm not sure we want to go around renaming them all.
>
> We could, however, do like we do for HTTP headers and s/-/_/g for the env
> variables...
>
>
Re: yet another possible IE4 HTTP/1.1 bug that I haven't heard about...
Posted by Marc Slemko <ma...@worldgate.com>.
On Tue, 13 Jan 1998, Dean Gaudet wrote:
>
>
> On Tue, 13 Jan 1998, Marc Slemko wrote:
>
> > >
> > > There's a possibility it's being tickled by the bputc bug that is patched
> > > in 1.3 and is still waiting votes in 1.2. (hint!)
> >
> > Mmm. I'll perhaps look at it the next time I'm dumb enough to boot into
> > NT. This is with a CGI that the problem shows up...
>
> Ah right, no bputc() there. Oh well. The patch is still needed in 1.2
> though.
>
> I guess folks will just have to continue using downgrade-1.0 and crud like
> that. BTW we should rename downgrade-1.0 for those lusers that write CGIs
> with /bin/sh.
I'm not sure we want to go around renaming them all.
We could, however, do like we do for HTTP headers and s/-/_/g for the env
variables...
Re: yet another possible IE4 HTTP/1.1 bug that I haven't heard about...
Posted by Dean Gaudet <dg...@arctic.org>.
On Tue, 13 Jan 1998, Marc Slemko wrote:
> >
> > There's a possibility it's being tickled by the bputc bug that is patched
> > in 1.3 and is still waiting votes in 1.2. (hint!)
>
> Mmm. I'll perhaps look at it the next time I'm dumb enough to boot into
> NT. This is with a CGI that the problem shows up...
Ah right, no bputc() there. Oh well. The patch is still needed in 1.2
though.
I guess folks will just have to continue using downgrade-1.0 and crud like
that. BTW we should rename downgrade-1.0 for those lusers that write CGIs
with /bin/sh.
Dean
Re: yet another possible IE4 HTTP/1.1 bug that I haven't heard about...
Posted by Marc Slemko <ma...@worldgate.com>.
On Tue, 13 Jan 1998, Dean Gaudet wrote:
> There's an IE4.0 checkbox which says "make HTTP/1.0 requests to proxies".
> At least there was the last time I used it... and that checkbox was the
> main reason that microsoft never tested the preview releases against
> apache servers in the live world... 'cause their developers were hidden
> behind proxies, and making 1.0 requests.
But this isn't a proxy it is talking to. It is just getting the
autoconfig file from an origin server that says what proxy to talk to,
which may happen to be the same as the origin server.
>
> There's a possibility it's being tickled by the bputc bug that is patched
> in 1.3 and is still waiting votes in 1.2. (hint!)
Mmm. I'll perhaps look at it the next time I'm dumb enough to boot into
NT. This is with a CGI that the problem shows up...
>
> Dean
>
> On Tue, 13 Jan 1998, Marc Slemko wrote:
>
> >
> >
> > ---------- Forwarded message ----------
> > Date: Tue, 13 Jan 1998 13:33:49 -0700 (MST)
> > From: Marc Slemko <ma...@znep.com>
> > To: marcs@valis.worldgate.com
> > Subject: no-chunked content with apache 1.2.4 (Transfert-encoding)
> >
> >
> > >Path: scanner.worldgate.com!news.maxwell.syr.edu!newsfeed.nacamar.de!univ-lyon1.fr!pasteur.fr!jussieu.fr!news.edf.fr!not-for-mail
> > >From: bruno pennec <br...@der.edfgdf.fr>
> > >Newsgroups: comp.infosystems.www.servers.unix
> > >Subject: Re: no-chunked content with apache 1.2.4 (Transfert-encoding)
> > >Date: Tue, 13 Jan 1998 17:07:01 +0100
> > >Organization: EDF-DER
> > >Lines: 23
> > >Message-ID: <34...@der.edfgdf.fr>
> > >References: <34...@der.edfgdf.fr> <69...@scanner.worldgate.com>
> > >NNTP-Posting-Host: cli53as.der.edf.fr
> > >Mime-Version: 1.0
> > >Content-Type: text/plain; charset=us-ascii
> > >Content-Transfer-Encoding: 7bit
> > >X-Mailer: Mozilla 4.03 [en] (X11; I; SunOS 5.5.1 sun4u)
> > >Xref: scanner.worldgate.com comp.infosystems.www.servers.unix:37340
> >
> > Marc Slemko wrote:
> >
> > > >I use apache 1.2.4 with some virtual hosts.
> > >
> > > >I receive documents from the server as follow :
> > > > 1. Transfer-encoding set to chunked when it is the result of a CGI
> > > > 2. No encoding set when it is static document
> > >
> > > >what settings must i do in apache configuration to suppress
> > > >the Transfer-encoding in the first case ?
> > >
> > > You don't. Why do you want to? If you are making HTTP/1.1 requests,
> > > you must be able to handle chunked encoding. It is far more efficient
> > > in this case because it allows for persistent connections.
> > >
> > > If you can't handle chunked encoding, don't make HTTP/1.1 requests.
> >
> > For automatic proxy configuration (config.pac), IE 4 asks for a HTTP/1.1 request
> > and seems not understand apache when the response is chunked.
> >
> >
> >
> >
> >
>
Re: yet another possible IE4 HTTP/1.1 bug that I haven't heard about...
Posted by Dean Gaudet <dg...@arctic.org>.
There's an IE4.0 checkbox which says "make HTTP/1.0 requests to proxies".
At least there was the last time I used it... and that checkbox was the
main reason that microsoft never tested the preview releases against
apache servers in the live world... 'cause their developers were hidden
behind proxies, and making 1.0 requests.
There's a possibility it's being tickled by the bputc bug that is patched
in 1.3 and is still waiting votes in 1.2. (hint!)
Dean
On Tue, 13 Jan 1998, Marc Slemko wrote:
>
>
> ---------- Forwarded message ----------
> Date: Tue, 13 Jan 1998 13:33:49 -0700 (MST)
> From: Marc Slemko <ma...@znep.com>
> To: marcs@valis.worldgate.com
> Subject: no-chunked content with apache 1.2.4 (Transfert-encoding)
>
>
> >Path: scanner.worldgate.com!news.maxwell.syr.edu!newsfeed.nacamar.de!univ-lyon1.fr!pasteur.fr!jussieu.fr!news.edf.fr!not-for-mail
> >From: bruno pennec <br...@der.edfgdf.fr>
> >Newsgroups: comp.infosystems.www.servers.unix
> >Subject: Re: no-chunked content with apache 1.2.4 (Transfert-encoding)
> >Date: Tue, 13 Jan 1998 17:07:01 +0100
> >Organization: EDF-DER
> >Lines: 23
> >Message-ID: <34...@der.edfgdf.fr>
> >References: <34...@der.edfgdf.fr> <69...@scanner.worldgate.com>
> >NNTP-Posting-Host: cli53as.der.edf.fr
> >Mime-Version: 1.0
> >Content-Type: text/plain; charset=us-ascii
> >Content-Transfer-Encoding: 7bit
> >X-Mailer: Mozilla 4.03 [en] (X11; I; SunOS 5.5.1 sun4u)
> >Xref: scanner.worldgate.com comp.infosystems.www.servers.unix:37340
>
> Marc Slemko wrote:
>
> > >I use apache 1.2.4 with some virtual hosts.
> >
> > >I receive documents from the server as follow :
> > > 1. Transfer-encoding set to chunked when it is the result of a CGI
> > > 2. No encoding set when it is static document
> >
> > >what settings must i do in apache configuration to suppress
> > >the Transfer-encoding in the first case ?
> >
> > You don't. Why do you want to? If you are making HTTP/1.1 requests,
> > you must be able to handle chunked encoding. It is far more efficient
> > in this case because it allows for persistent connections.
> >
> > If you can't handle chunked encoding, don't make HTTP/1.1 requests.
>
> For automatic proxy configuration (config.pac), IE 4 asks for a HTTP/1.1 request
> and seems not understand apache when the response is chunked.
>
>
>
>
>