ID: 19113
Comment by: uhlar at fantomas dot sk
Reported By: php_new at jdc dot parodius dot com
Status: Bogus
Bug Type: Apache related
Operating System: FreeBSD
PHP Version: 4.3.2-dev
New Comment:
I don't know the apache's interface to modules, But I think that either
php should tell apache by initialization that it can handle GET, HEAD,
and POST method, ot the php should
check whether it is able to process the method (CONNECT in this case) -
if it does have handler for it.
I think that php does not have handler for CONNECT by default, thus it
should either reject the request or pass it to apache for later
processing.
mod_perl probably has the same bug, but unless apache does have an
interface for modules to specify which methods are they able to use AND
ignores the methods, it is a bug od mod_php versus mod_perl...
Previous Comments:
------------------------------------------------------------------------
[2003-08-24 10:26:07] messi at toxis dot com
I added the following three lines to Apache's mod_dir. This is ugly but
works fine for me. Unless there's another way to prevent mod_php4 from
getting invoked I'll use this on my machines.
Dunno if this will work with mod_proxy but I guess so.
--- src/modules/standard/mod_dir.c
+++ src/modules/standard/mod_dir.c
@@ -118,4 +118,7 @@
static int handle_dir(request_rec *r)
{
+ if (r->method_number == M_CONNECT)
+ return HTTP_NOT_IMPLEMENTED;
+
dir_config_rec *d =
(dir_config_rec *) ap_get_module_config(r->per_dir_config,
Use it at your own risk and only with Apache 1.3(.28)!
------------------------------------------------------------------------
[2003-06-03 22:17:59] [EMAIL PROTECTED]
See comment by: [16 Mar 6:40am CST] psi-jack at myrddincd dot com
------------------------------------------------------------------------
[2003-03-16 06:40:23] psi-jack at myrddincd dot com
I've been testing out all the comments mentioned in this report.
The findings I have, is with Apache 1.3.27, and various modules. The
modules I use is mod_php 4.3.0, mod_perl 1.27, mod_mp3 0.39, and for
mod_perl, I had HTML-Mason and AxKit, and various other non-advertising
mod_perl modules.
What did I find? With all the mentioned modules loaded, I get the same
results as mentioned within these comments.
\xe3P
TINTE / HTTP/1.0
CONNECT www.google.com:80 HTTP/1.0
Etc, all these, provide the default page, wether it's a DirectoryIndex,
or directory listing itself.
I unloaded mod_php, as per this bug was about. Still, same results.
Once I unloaded mod_perl, however, the problem went away. I started
getting 501's with those requests.
mod_mp3 didn't seem to effect that at all.
My final conclusion, this is very likely to be an Apache DSO bug, and
not related directly to PHP, since it occured with mod_perl as well.
The only one thing I did not try, was unloading my perlmodules from
mod_perl.
------------------------------------------------------------------------
[2003-01-22 05:14:24] karabass at mitino dot ptt dot ru
It *is* severe because when I see in apache access_log a message like
this:
24.153.155.146 - - [22/Jan/2003:01:25:48 +0300] "CONNECT
maildelivery.somewhere:25 HTTP/1.0" 200 44623 "-" "-"
it is threatening enough for me to put away what I was doing and start
staring at my httpd.conf. And that only takes 3-4 hours to just find
this bug-report and make myself comfortable about this new "PHP
feature".
------------------------------------------------------------------------
[2003-01-19 04:57:37] [EMAIL PROTECTED]
Well can you tell me why it is "severe"?
Okay it is maybe not correct that it reacts on any string
but basicly why should it not react on
TINTE / HTTP/1.0
This could be a valid request if the server has loaded
mod_tinte v1.0 or whatever. If you dislike the feature
you can always check for a valid ("from your point of
view") request method from within your scripts.
------------------------------------------------------------------------
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/19113
--
Edit this bug report at http://bugs.php.net/?id=19113&edit=1
