On Wed, 2001-09-12 at 19:22, William A. Rowe, Jr. wrote:
> From: "Ian Holsman" <[EMAIL PROTECTED]>
> Sent: Wednesday, September 12, 2001 6:48 PM
>
>
> > Ryan Bloom wrote:
> >
> > > On Wednesday 12 September 2001 03:48 pm, Ian Holsman wrote:
> > >
> > >>one of the guys over here stumbled over a map_to_storage gotcha/bug.
> > >>
> > >>the problem is that in the default httpd.conf file the 'Options' is
> > >>in a 'Directory'. Now if the page is not served from the file system
> > >>mod_jk/mod_proxy then the 'Options' directory config is not run.
> > >>(and the default option was set to 'ALL')
> > >>
> > >>the change should be something like this perhaps (haven't checked it for
> > >>validity)
> > >>or at least change the 'Options' to be in a <Location /> tag
> > >>
> > >
> > > Changing this in the config is the wrong solution IMHO. We need to fix the
> > > logic to not break in situations that used to work. I would prefer to fix the
> > > problem in the code, than to band-aid it and have to suffer with the user
> > > complaints later.
> >
> >
> > true. It needs to be fixed in the code as well.
> >
> > but should this stuff be on a physical location (directory) or a logical location
> > (location).
>
> Guys, forget I committed anything.
>
> If you are so narrow-focused that we aren't ready to deal with non-filesystem
> Options v.s. Root/htdocs Options, then let's revert the entire set of patches.
>
um.. no
I like the map_to_storage.
It will increase performance significantly for us, and will make our
design easier for our custom modules.
I keep on pointing out problems with map_to_storage because I keep on
running into them when I am handling reverse proxying (a major component
in our web design)
I am in no way suggesting to remove this hook.
> The behavior you observe is neither a bug nor a misconfiguration. Global Options
> should have (always) been set on <Location />. Filesystem Global Options should
> have (always) have been set on <Directory /> (at least since the patch for win32
> and relatives to allow even d:/ to be affected by Directory "/").
the problem is that in the standard httpd-std.conf the configuration is
done in @@Serveroot@@/htdoc directory instead of Location "/"
the way the current configuration 'out of the box' would not work
properly for people serving pages off non-filebased systems.
What I am suggesting is to move some of these configurations to
<Location /> where they belong.
(BTW.. there are NO '<location>' directives installed in the
httpd-std.conf)
>
> IMHO - this increases security - significantly. What on earth are the two of
> you proposing. When you speak of a 'code' fix, I'm near certain I smell a veto
> (in favor of reverting all filesystem abstraction to date) and drop all further
> efforts on dir_walk and file_walk as well.
the code 'fix' I am proposing (if any) is to change the 'Options' to
default to 'OPT_NONE' instead of 'OPT_ALL'. (which is what it currently
does)
>
> Bill
--
Ian Holsman
Performance Measurement & Analysis
CNET Networks - 415 364-8608
