-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi,
while playing around with handlers, i noticed, that any user can register the 'server-status'-handler by putting SetHandler server-status in an htacces-File. This can not be prevented by using a alternating AllowOverride-directives, since 'SetHandler' is part of 'FileInfo' which also holds ErrorDocuments, mod_rewrite, etc. Since the server-status-handler offers information one might not want others to have access to (for example a massive shared hosting environment), i created a small patch that enables a custom handlername for the server-status-module. Just thought someone else might have use for it. What this patch does: - - reserves memory for directive with parameter (AP_INIT_TAKE1) - - adds a function for creating config-records (create_modstatus_config) - - adds a function to set the handlername (set_serverstatus_handler_name) If the handlername is not set using the directive, it defaults to the old 'server-status' and continues to work with the old setting. How to test: 1. build and install the module with apxs2 2. create a new directive like the following in the root-configuration of the server ServerStatusHandlerName statusteststring 3. set a handler somewhere like the following: SetHandler statusteststring attached files: mod_status.c - the complete module mod_status-diff.patch - the patch with all changes made Any comments, suggestions, improvements and/or critical comments are welcome. best regards -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkwSLmIACgkQHaTGAGocg2KOXACfYmRIj0TTTT8gOU5F6If2EFAw oSMAnRO914zl5gqnggpqcXgOmdyVA37j =diTB -----END PGP SIGNATURE-----
