Sorry, clicked the wrong button. :)
To finish the thought, with the change below, does
http://localhost/test%2F/test.jsp
still go to Tomcat? Or is it blocked from going
to Tomcat because it is a "bad" URL? If it doesn't
go to Tomcat, how do we know some other filter in the
chain isn't going to serve it statically?
Larry
> -----Original Message-----
> From: Larry Isaacs
> Sent: Tuesday, February 04, 2003 8:17 PM
> To: Tomcat Developers List
> Subject: RE: cvs commit:
> jakarta-tomcat-connectors/jk/native2/server/isapi jk_isapi_plugin.c
>
>
> Hi Nacho,
>
> My brain isn't firing on all cylinders at the moment,
> but this makes me a little nervous. I think some of the
> problems in the past have been where malicious escaping
> would prevent a request from being forwarded to Tomcat, and
> would be served statically.
>
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> > Sent: Tuesday, February 04, 2003 3:46 PM
> > To: [EMAIL PROTECTED]
> > Subject: cvs commit:
> > jakarta-tomcat-connectors/jk/native2/server/isapi jk_isapi_plugin.c
> >
> >
> > nacho 2003/02/04 12:45:50
> >
> > Modified: jk/native2/server/isapi jk_isapi_plugin.c
> > Log:
> > Fix for Bug#16759 ISAPI_REDIRECTOR Handles %2F improperly
> >
> > Now a uri considered not valid or bad by jk2 is passed down
> > the filter chain,
> > so letting the server continue processing, also relaxed
> > logging to info as
> > they are not errors anymore..
> >
> > Revision Changes Path
> > 1.54 +10 -6
> > jakarta-tomcat-connectors/jk/native2/server/isapi/jk_isapi_plugin.c
> >
> > Index: jk_isapi_plugin.c
> >
> ===================================================================
> > RCS file:
> > /home/cvs/jakarta-tomcat-connectors/jk/native2/server/isapi/jk
> > _isapi_plugin.c,v
> > retrieving revision 1.53
> > retrieving revision 1.54
> > diff -u -r1.53 -r1.54
> > --- jk_isapi_plugin.c 4 Feb 2003 07:44:23 -0000 1.53
> > +++ jk_isapi_plugin.c 4 Feb 2003 20:45:49 -0000 1.54
> > @@ -316,20 +316,24 @@
> >
> > rc = jk_requtil_unescapeUrl(uri);
> > if (rc == BAD_REQUEST) {
> > - env->l->jkLog(env, env->l, JK_LOG_ERROR,
> > + env->l->jkLog(env, env->l, JK_LOG_INFO,
> > "HttpFilterProc [%s] contains
> > one or more invalid escape sequences.\n",
> > uri);
> > - write_error_response(pfc,"400 Bad
> > Request", HTML_ERROR_400);
> > + // XXX: Let any other filter process
> > the request,
> > + // if they take any security
> > measure or not doesnt matter.
> > + // write_error_response(pfc,"400 Bad
> > Request", HTML_ERROR_400);
> > workerEnv->globalEnv->releaseEnv(
> > workerEnv->globalEnv, env );
> > - return SF_STATUS_REQ_FINISHED;
> > + return SF_STATUS_REQ_NEXT_NOTIFICATION;
> > }
> > else if(rc == BAD_PATH) {
> > - env->l->jkLog(env, env->l, JK_LOG_EMERG,
> > + env->l->jkLog(env, env->l, JK_LOG_INFO,
> > "HttpFilterProc [%s] contains
> > forbidden escape sequences.\n",
> > uri);
> > - write_error_response(pfc,"403
> > Forbidden", HTML_ERROR_403);
> > + // XXX: Let any other filter process
> > the request,
> > + // if they take any security
> > measure or not doesnt matter.
> > + // write_error_response(pfc,"403
> > Forbidden", HTML_ERROR_403);
> > workerEnv->globalEnv->releaseEnv(
> > workerEnv->globalEnv, env );
> > - return SF_STATUS_REQ_FINISHED;
> > + return SF_STATUS_REQ_NEXT_NOTIFICATION;
> > }
> > jk_requtil_getParents(uri);
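
Review bot: In both the BAD_REQUEST and BAD_PATH branches the return changes from SF_STATUS_REQ_FINISHED to SF_STATUS_REQ_NEXT_NOTIFICATION and write_error_response is commented out, so a URI that jk_requtil_unescapeUrl has just rejected is no longer refused here but handed on to the rest of the filter chain, and the new comment says it does not matter whether anything downstream checks it. That makes the filter fail open for exactly the inputs it classifies as invalid or forbidden, which is the concern raised in the reply above: a request kept away from Tomcat this way may end up served statically. I would keep the 403 for BAD_PATH at least, or put the pass-through behind a configuration option that defaults to rejecting, and state in the comment which component is then expected to refuse the request. The commented-out write_error_response calls should be deleted rather than left under an XXX marker. The BAD_PATH log also drops from JK_LOG_EMERG to JK_LOG_INFO; since after this change the log line is the only trace the filter leaves of such a request, it is worth keeping at a level above info.
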
> >
> >
> >
> >
> >
> >
> ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]