Hi Nacho, My brain is isn't firing on all cylinders at the moment, but this makes me a little nervous. I think some of the problems in the past have been where malicious escaping would prevent request from being forwarded to Tomcat, and would be served statically.
> -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, February 04, 2003 3:46 PM > To: [EMAIL PROTECTED] > Subject: cvs commit: > jakarta-tomcat-connectors/jk/native2/server/isapi jk_isapi_plugin.c > > > nacho 2003/02/04 12:45:50 > > Modified: jk/native2/server/isapi jk_isapi_plugin.c > Log: > Fix for Bug#16759 ISAPI_REDIRECTOR Handles %2F improperly > > Now a uri considered not valid or bad by jk2 is passed down > the filter chain, > so letting the server continue processing, also relaxed > logging to info as > they are not errors anymore.. > > Revision Changes Path > 1.54 +10 -6 > jakarta-tomcat-connectors/jk/native2/server/isapi/jk_isapi_plugin.c > > Index: jk_isapi_plugin.c > =================================================================== > RCS file: > /home/cvs/jakarta-tomcat-connectors/jk/native2/server/isapi/jk > _isapi_plugin.c,v > retrieving revision 1.53 > retrieving revision 1.54 > diff -u -r1.53 -r1.54 > --- jk_isapi_plugin.c 4 Feb 2003 07:44:23 -0000 1.53 > +++ jk_isapi_plugin.c 4 Feb 2003 20:45:49 -0000 1.54 > @@ -316,20 +316,24 @@ > > rc = jk_requtil_unescapeUrl(uri); > if (rc == BAD_REQUEST) { > - env->l->jkLog(env, env->l, JK_LOG_ERROR, > + env->l->jkLog(env, env->l, JK_LOG_INFO, > "HttpFilterProc [%s] contains > one or more invalid escape sequences.\n", > uri); > - write_error_response(pfc,"400 Bad > Request", HTML_ERROR_400); > + // XXX: Let any other filter process > the request, > + // if they take any security > measure or not doesnt matter. > + // write_error_response(pfc,"400 Bad > Request", HTML_ERROR_400); > workerEnv->globalEnv->releaseEnv( > workerEnv->globalEnv, env ); > - return SF_STATUS_REQ_FINISHED; > + return SF_STATUS_REQ_NEXT_NOTIFICATION; > } > else if(rc == BAD_PATH) { > - env->l->jkLog(env, env->l, JK_LOG_EMERG, > + env->l->jkLog(env, env->l, JK_LOG_INFO, > "HttpFilterProc [%s] contains > forbidden escape sequences.\n", > uri); > - write_error_response(pfc,"403 > Forbidden", HTML_ERROR_403); > + // XXX: Let any other filter process > the request, > + // if they take any security > measure or not doesnt matter. > + // write_error_response(pfc,"403 > Forbidden", HTML_ERROR_403); > workerEnv->globalEnv->releaseEnv( > workerEnv->globalEnv, env ); > - return SF_STATUS_REQ_FINISHED; > + return SF_STATUS_REQ_NEXT_NOTIFICATION; > } > jk_requtil_getParents(uri); > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
