On 19 Jul 2012, at 18:07, Tim Bannister <[email protected]> wrote: > On 19 Jul 2012, at 17:26, Nick Kew wrote: > >>> 2. Fixes to get Apache to drop the connection if it detects (during >>> .htaccess lookup) that it would need to change the uid. >> >> Dropping the connection gratuitously breaks HTTP, and so has no place in >> httpd (of course, a third-party module sets its own rules). Would it need a >> core patch to return an Internal Server Error (500)? > > Vanilla httpd does this all the timeā¦ after a timed-out keepalive. The client > cannot make any assumptions about the configured timeout, and can't tell > whether the dropped connection is due to a genuine timeout or a UID mismatch > between the previous and current request.
I would hate to have to troubleshoot this - two completely independent behaviors, with the same symptom but completely different cause. Nick is right, a 500 is the right thing to do here. Regards, Graham --
