> > If the URL has ? in it, there CANNOT be a file corresponding
> > with it, so this one caught by kHTTPd right now, using the rule
> > "When not servable, do userspace".
>
> Don't be too sure of that - try the following command:
>
> Q> touch 'x?y' ; ls -l 'x?y'
>
> I've just tried it, and it works fine here...
>
Woops.. time to rethink...
> > kHTTPd adds rule 4:
>
> > 4. If the file is executable or non-world-readable
>
> Split that into two rules:
>
> 4. If the file is executable.
<snip>
>
> 5. If the file is non-world readable.
>
> In this case, if it hasn't been caught by the previous rule, then it's
> also non-accessible and khttpd should just return "403 Forbidden" or
> "404 File Not Found" as preferred. You can check this out for yourself
> quite easily as http://www.memalpha.cx/test.html is just such a file,
> a valid web page with mode 600.
Well, it is not this simple. What about "group" permissions?
I do intend to add a "group"-identifier to resolve this, but until then:
when in doubt -> let userspace handle it. In this case, let the
userspace-daemon tell the user that it is forbidden.
> One final point: How will khttpd handle virtual hosting, or doesn't
> it handle that?
Currently, it does not. But it _does_ parse the "Host:" tag so I don't
think adding virtual hosting will be that big a deal. It is just that
other things are more important right now.
Greetings,
Arjan van de Ven
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/