2012/3/11 Konstantin Preißer <verlag.preis...@t-online.de>: > Hi all, > > I have some questions about the documentation of the ISAPI Connector 1.2.32 > (and about the connector itself). > > > 1. In the Reference Guide for IIS > (http://tomcat.apache.org/connectors-doc/reference/iis.html), the registry > options are listed. For the option "enable_chunked_encoding" which controls > if chunked encoding is used, there is the note: > > "This option is considered experimental and its support must be compile time > enabled. Use isapi_redirect.dll with chunked support enabled." > > Is enabling chunked encoding still considered experimental? I'm using it > since one year or so on IIS 7 and never encountered any problems with it > (besides one or two bugs which I reported and got fixed). Also, I'm not sure > if the phrase "its support must be compile time enabled" currently still > applies, as it seems that the binaries are always compiled with support for > chunked encoding since 1.2.30 or so. > > > I would consider chunked encoding support as a requirement for optimal > performance, because without supporting it, each time a response is sent to a > client without knowing the Content-Length in advance, the TCP connection has > to be closed (and re-opened when another request should be performed), which > is why I always enable chunked encoding in the ISAPI connector. > > If there are no problems with the chunked encoding reported, maybe the docs > could be changed to remove the "experimental" note? Maybe even the default > value for "enable_chunked_encoding" in the connector itself could be changed > from "false" to "true"? > > > 2. I observed that when a request is made to IIS which is mapped to Tomcat, > and the request path contains the string "WEB-INF", like > http://www.example.com/test/asdf/blahblah/blah/WEB-INF/blahbla/asdf > then the ISAPI connector logs a statement like this: > > [Sat Mar 10 22:34:58.030 2012] [11744:10792] [emerg] > handle_notify_event::jk_isapi_plugin.c (1997): > [/test/asdf/blahblah/blah/WEB-INF/blahbla/asdf] points to the web-inf or > meta-inf directory. Somebody tries to hack into the site!!! > > If I remember correctly, in some earlier versions of the ISAPI connector (or > IIS), in such cases the TCP connection from IIS to the client would also be > closed without any reply; however, in the current version, a 404 reply is > sent from the ISAPI connector. > > I'm wondering why the ISAPI redirector checks if "WEB-INF" is occurring in > the path, because Tomcat seems to already check if a request is made to the > WEB-INF or META-INF directory of an web application, and if so, sends back a > normal 404 response. Is this a kind of relict from earlier times? Because I > would expect that the ISAPI redirector just passes the request to Tomcat and > let Tomcat decide how requests to forbidden directories are handled, without > writing an "emergency" log entry.
Regarding this "2."nd question - see also this recent issue: https://issues.apache.org/bugzilla/show_bug.cgi?id=51769 "False positive: Somebody try to hack into the site!!!" > Fixed in r1187916, will be part of version 1.2.33. Best regards, Konstantin Kolinko --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
