We use a TransHandler to (among other things) manage name-based virtual
hosts (simply put, given the incoming Host: header plus URI, map to a file).
We (of course) sanitize the incoming URI and Host. It works fine.
I "save" the sanitized hostname like so:
$r->header_in('Host',$host);
$r->subprocess_env('SERVER_NAME',$host);
$r->parsed_uri->hostname($host);
I used to use just the first line, but I added the other two thinking
they might fix our problems...
First problem (somewhat minor):
$ENV{'SERVER_NAME'} remains "unsanitized" (i.e., it's still exactly what
the client sent in the "Host:" header). This is not a big deal because the
sanitized host gets set properly in $ENV{'HTTP_HOST'}. Scripts can just
use that variable instead.
Second problem (bigger):
For logging, we use CLF with the virtual host name tacked on the front
of the line (using %V in the LogConfig). Yes we have "UseCanonicalName On"
and I've read http://apache.org/docs/mod/core.html#usecanonicalname so I
know that %V and SERVER_NAME get set to whatever the client sends.
(and I can't turn it off, because then %V is always ServerName, and
suddenly no "virtual hosts").
I experimented by putting the host sanitation in a PostReadRequestHandler.
Same results. I thought this phase was "...where you can examine HTTP
headers and change them before Apache gets a crack at them" (TPJ #9, p.6).
Here's the relevant bit of Apache code (1.3.9) in http_core.c in the
ap_get_server_name() function:
if (d->use_canonical_name == USE_CANONICAL_NAME_OFF) {
return r->hostname ? r->hostname : r->server->server_hostname;
}
There's no $r->hostname method in mod_perl that I can find, and
unfortunately $r->server->server_hostname is read-only.
I can only think of a couple options: hack http_core.c to do what I want,
or write a custom LogHandler that uses the sanitized host.
Is there any other way?
PS: I'd still like to hear from anyone who is running mod_perl on
Solaris 2.5.1 with Perl 5.005_03 -- I don't want to stick with 5.004 forever.
