De: Bojan Smojver [mailto:[EMAIL PROTECTED]]
Enviado el: 30 de agosto de 2002 1:11
Para: Tomcat Dev List
Asunto: RE: Spec question: RE BUG 12052
On Thu, 2002-08-29 at 23:49, Ignacio J. Ortega wrote:
We know how r-parsed_uri.port gets his value?
Yep. It's getting it from the URL
On Fri, 30 Aug 2002, Ignacio J. Ortega wrote:
Wrong, It takes the port and ServerName from the Host: header if the
Request-uri is relative ( most common case ) and from the Reqeust-Uri if
it is absolute.. rfc2616 Section 5.2 strict compliance..
The comment in apache2.0 core.c seems to
- Another cause to worry is the comment in apache2 core.c:
There are two options regarding what the name of a server is. The
canonical name as defined by ServerName and Port, or the client's
name as supplied by a possible Host: header or full URI. We never
trust the port passed in
On Fri, 30 Aug 2002, Ignacio J. Ortega wrote:
- Another cause to worry is the comment in apache2 core.c:
There are two options regarding what the name of a server is. The
canonical name as defined by ServerName and Port, or the client's
name as supplied by a possible Host:
-Mensaje original-
De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Enviado el: 30 de agosto de 2002 19:54
Para: Tomcat Developers List
Asunto: RE: Spec question: RE BUG 12052
It may very well be a security issue ( and quite a big one !
). There are
sites using all kinds
On Fri, 30 Aug 2002, Ignacio J. Ortega wrote:
It may very well be a security issue ( and quite a big one !
). There are
sites using all kinds of firewalls and settings in httpd.conf to
restrict access to some hosts or ports ( say from internal network ).
If Host: info is used for
]]
Sent: Friday, August 30, 2002 2:50 PM
To: Tomcat Developers List
Subject: RE: Spec question: RE BUG 12052
On Fri, 30 Aug 2002, Ignacio J. Ortega wrote:
It may very well be a security issue ( and quite a big one !
). There are
sites using all kinds of firewalls and settings
De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Enviado el: 30 de agosto de 2002 20:50
Para: Tomcat Developers List
Asunto: RE: Spec question: RE BUG 12052
The server may have 2 ip addresses, one visible from outside and one
restricted by firewalls to only internal users ( and used
On Fri, 2002-08-30 at 23:51, Ignacio J. Ortega wrote:
De: Bojan Smojver [mailto:[EMAIL PROTECTED]]
Enviado el: 30 de agosto de 2002 1:11
Para: Tomcat Dev List
Asunto: RE: Spec question: RE BUG 12052
On Thu, 2002-08-29 at 23:49, Ignacio J. Ortega wrote:
We know how r
Quoting [EMAIL PROTECTED]:
So: getServerPort() should return the same as the CGI variable SERVER_PORT
( which returns the server port, not the host header ! ), meaning the
value of the part after : in the Host header.
I didn't know that the servlet spec can define new meanings for the
- Original Message -
From: [EMAIL PROTECTED]
To: Tomcat Developers List [EMAIL PROTECTED]
Sent: Wednesday, August 28, 2002 7:12 PM
Subject: Re: Spec question: RE BUG 12052
On Wed, 28 Aug 2002, Bill Barker wrote:
I think the decision to use the Host header is right, but
I agree
-Mensaje original-
De: Bojan Smojver [mailto:[EMAIL PROTECTED]]
Enviado el: 29 de agosto de 2002 1:46
Para: Tomcat Dev List
Asunto: Re: Spec question: RE BUG 12052
AP_DECLARE(apr_port_t) ap_get_server_port(const request_rec *r)
{
apr_port_t port
On Thu, 29 Aug 2002, Bill Barker wrote:
FWIW, I agree that the 2.4 servlet-spec and the CGI-spec are out of sync
here. If I actually thought that any members of the JCP were subscribed to
this list, I'd think to ask for clarification before 2.4 went final. :)
The way to ask would be to
On Thu, 2002-08-29 at 11:13, Craig R. McClanahan wrote:
On Thu, 29 Aug 2002, Bill Barker wrote:
FWIW, I agree that the 2.4 servlet-spec and the CGI-spec are out of sync
here. If I actually thought that any members of the JCP were subscribed to
this list, I'd think to ask for
On Thu, 29 Aug 2002, Bill Barker wrote:
So: getServerPort() should return the same as the CGI variable SERVER_PORT
( which returns the server port, not the host header ! ), meaning the
value of the part after : in the Host header.
I didn't know that the servlet spec can define new
To answer my own email - with a summary:
- what the user really wants is to know how to form URLs - that's
how the server name and port are used in most cases
- the real problem is getServerName(). In CGI it is the 'canonical'
name. A server may have multiple aliases for a host, and in many
On Thu, 2002-08-29 at 23:49, Ignacio J. Ortega wrote:
We know how r-parsed_uri.port gets his value?
Yep. It's getting it from the URL, not the headers.
Bojan
--
To unsubscribe, e-mail: mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]
On 28 Aug 2002, Bojan Smojver wrote:
Date: 28 Aug 2002 23:27:18 +1000
From: Bojan Smojver [EMAIL PROTECTED]
Reply-To: Tomcat Developers List [EMAIL PROTECTED]
To: Tomcat Dev List [EMAIL PROTECTED]
Subject: Spec question: RE BUG 12052
Craig,
I think this bug report is invalid, since
-Original Message-
From: Craig R. McClanahan [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, August 28, 2002 12:15 PM
To: Tomcat Developers List
Subject: Re: Spec question: RE BUG 12052
On 28 Aug 2002, Bojan Smojver wrote:
Date: 28 Aug 2002 23:27:18 +1000
From: Bojan
On Wed, 28 Aug 2002, John Trollinger wrote:
Date: Wed, 28 Aug 2002 12:19:19 -0400
From: John Trollinger [EMAIL PROTECTED]
Reply-To: Tomcat Developers List [EMAIL PROTECTED]
To: 'Tomcat Developers List' [EMAIL PROTECTED]
Subject: RE: Spec question: RE BUG 12052
-Original Message
On Wed, 28 Aug 2002, John Trollinger wrote:
Consider Apache running on port 80, forwarding to Tomcat on
8009 (the default setup). I think it's reasonable for the
application developer to assume that getServerPort() is going
to return 80 and not 8009, because they should conceptually
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, August 28, 2002 1:04 PM
To: Tomcat Developers List
Subject: RE: Spec question: RE BUG 12052
On Wed, 28 Aug 2002, John Trollinger wrote:
Consider Apache running on port 80, forwarding
De: Bojan Smojver [mailto:[EMAIL PROTECTED]]
Enviado el: 28 de agosto de 2002 15:27
Para: Tomcat Dev List
Asunto: Spec question: RE BUG 12052
of load balancers and firewalls, so it is unrealistic to expect to
return port numbers that it doesn't know about. What do you think?
- Original Message -
From: Costin Manolache [EMAIL PROTECTED]
Newsgroups: gmane.comp.jakarta.tomcat.devel
To: [EMAIL PROTECTED]
Sent: Wednesday, August 28, 2002 10:36 AM
Subject: RE: Spec question: RE BUG 12052
John Trollinger wrote:
I can agree that mod_jk can be seen as part
On Wed, 28 Aug 2002, Craig R. McClanahan wrote:
If you run Tomcat behind Apache using JK, the entire combination is the
container from the perspective of the servlet specification. The entire
combination has to meet all the spec rules or it's not compliant.
The fact that the servlet spec
Ryan Lubke wrote:
The port MUST be the one in the Host Header if one is present,and should
be present if the request is HTTP1.1 compliant,
What if the Host header is supplied, but the value is empty. This seems
legal per section 14.23 of the HTTP/1.1 RFC?
It is legal in the case that
Ignacio J. Ortega wrote:
De: Bojan Smojver [mailto:[EMAIL PROTECTED]]
Enviado el: 28 de agosto de 2002 15:27
Para: Tomcat Dev List
Asunto: Spec question: RE BUG 12052
of load balancers and firewalls, so it is unrealistic to expect to
return port numbers that it doesn't know about. What
De: Ryan Lubke [mailto:[EMAIL PROTECTED]]
Enviado el: 28 de agosto de 2002 20:29
Para: Tomcat Developers List
Asunto: RE: Spec question: RE BUG 12052
The port MUST be the one in the Host Header if one is
present,and should
be present if the request is HTTP1.1 compliant,
What
On Wed, 2002-08-28 at 17:05, Ignacio J. Ortega wrote:
De: Ryan Lubke [mailto:[EMAIL PROTECTED]]
Enviado el: 28 de agosto de 2002 20:29
Para: Tomcat Developers List
Asunto: RE: Spec question: RE BUG 12052
The port MUST be the one in the Host Header if one is
present
On 28 Aug 2002, Ryan Lubke wrote:
1) For me after ( another ) reading of rfc2616, from the point you named
and following the references given there, i've found that in 5.2 seems
to say that a empty Host: header must be responded by 400 because empty
it is not a valid Host name..
But
On Thu, 2002-08-29 at 02:14, Craig R. McClanahan wrote:
Consider Apache running on port 80, forwarding to Tomcat on 8009 (the
default setup). I think it's reasonable for the application developer to
assume that getServerPort() is going to return 80 and not 8009, because
they should
On Thu, 2002-08-29 at 04:28, Bill Barker wrote:
The question in 12052 is whether Apache should use the socket port (as it
does now), or the port in the Host header. When this came up with the
Coyote/Http11 connector, the decision was that the Host header was the
correct one. I'd have to
I think the decision to use the Host header is right, but
I agree that it violates the wording in the servlet spec.
The SERVER_PORT and the port in the Host: header are different
beasts - in most use cases I've seen the user is interested
in the second.
Note that a load balancer or proxy is
- Original Message -
From: [EMAIL PROTECTED]
To: Tomcat Developers List [EMAIL PROTECTED]
Sent: Wednesday, August 28, 2002 5:01 PM
Subject: Re: Spec question: RE BUG 12052
I think the decision to use the Host header is right, but
I agree that it violates the wording in the servlet
Quoting Bill Barker [EMAIL PROTECTED]:
Not anymore. ;-) In the current 2.4 spec draft it is required to be taken
from the Host header.
Huh, I guess that's that then. The bug does seem to be valid. At least according
to the newer spec.
Bojan
-
On Wed, 28 Aug 2002, Bill Barker wrote:
I think the decision to use the Host header is right, but
I agree that it violates the wording in the servlet spec.
The SERVER_PORT and the port in the Host: header are different
beasts - in most use cases I've seen the user is interested
in
36 matches
Mail list logo