> Quick_handler bypasses everything. We ignore the client's headers, the
> server's configuration, everything. Frankly, quick_handler is not Apache,
> and anyone who writes a quick_handler hack and calls it a module for
> 'Apache' is full of sh*t. Powered by the Apr/Apache MPM/load manager is
> more like it (that isn't badness, that's just reality.)
That's a goofy way of looking at it. You might as well say that Redirect
is not Apache because it ignores Directory sections. And let's not
even get into what can be done by mod_rewrite.
A quick_handler operates the way that a Web server is supposed to operate.
I should be able to add a hook that detects a Code Red request and immediately
close the connection with as little server overhead as possible. Normally
I would do that with a custom change to the HTTP parser, but it makes more
sense to do it as a hook with quick_handler.
It isn't a security hole -- it is just another config directive.
....Roy
