Hi,
On Sat, 21 Apr 2012, Jeff Trawick wrote:
there is the problem that if modules like mod_status or
mod_proxy_balancer are loaded, all people with permissions to create
.httaccess files can use the status pages by using SetHandler in an
.htaccess file.
My 2 cents:
SetHandler shouldn't be used to enable these because it requires an
unnecessary filesystem walk and only requires a very small amount of
code to implement a flag directive. Having ServerStatus On|Off
anywhere in the configuration would disable the check for r->handler
== "status-handler" (migration).
I must admit that I haven't looked into why they use the handler for
configuration. But my feeling is that we won't get rid of modules doing
it this in the forseeable future.
Is the use of handler by these a feature though, such as needing to
let other modules generate these reports by some mechanism other than
using a subrequest for or redirecting to the location where it is
enabled? I don't know how smooth mod_allowhandler would be for that
anyway.
It does the checks at the end of the fixup hook, which seems to work with
the setups I could think of. But more testing is needed, of course.
There are other situations where mod_allowhandlers would be helpful,
but I think we could provide a simpler mechanism (flag) for the
several sensitive handlers in bundled modules.
I think having it in trunk would be nice to find problems with this
approach. Unless someone disagrees, I am going to commit it. Backport to
2.4 can wait until we are sure that it is a good solution.
Cheers,
Stefan
