On Wed, 15 Aug 2001, Justin Erenkrantz wrote:
> On Wed, Aug 15, 2001 at 08:56:45AM -0400, Keith Wannamaker wrote:
> > I am concerned that the loss of original escaping
> > will break somebody. For instance:
>
> As Costin pointed out, the escaping of a URI does not change its
> semantics - they should be treated as identical by anyone who follows
> the URI spec. Escaping where it wasn't escaped *shouldn't* break
> anyone.
>
> And, the whole question is what does Tomcat see the request as? I
> could make a case that it should never know about the unparsed_uri,
> but only the uri that httpd finally resolved to and that mod_jk
> picked up. -- justin
I guess the only choice we can make is if Apache is part of the servlet
container ( and most follow its rules ) or not. If it is, then mod_rewrite
( and half of the modules ) just can't be used - they alter the request in
a way that's not allowed by the spec. Apache can only forward requests to
tomcat, and if it's lucky serve static files ( for apps not using filters
or strange mappings ). It can't authenticate ( since the auth model
doesn't follow the role based rules ), can't filter ( since Apache2.0
filters are very different from 2.3 filters ).
But the bright side - our live is much simpler, we don't have to worry.
If we treat apache as a web server, that cooperates with tomcat but can
do at least what a proxy is allowed to do by the HTTP spec ( i.e. alter
the request, etc ) - then we are fine ( except the life is interesting
again, and a lot of work to do including this fix ).
Costin
