>>> If there will be a reasonable way to tell the in-kernel server
>>> from userspace, what set of URLs should be mapped to what files,
>>> it will be enough to perform this task in fast and secure way,
>>> leaving all complex work to userspace server.
>> Perhaps one could use something based on the way squid currently
>> does that task.
>> 1. If the URL has a ? anywhere within it, squid assumes it to
>> be a dynamic URL.
> If the URL has ? in it, there CANNOT be a file corresponding
> with it, so this one caught by kHTTPd right now, using the rule
> "When not servable, do userspace".
Don't be too sure of that - try the following command:
Q> touch 'x?y' ; ls -l 'x?y'
I've just tried it, and it works fine here...
>> 2. One of squid's configuration parameters specifies a
>> collection of directory names which, if found in the
>> URL with / on either side of them, and with at least
>> one element after them, are taken as indicating that
>> the URL in question is a DYNAMIC one.
> Nice idea. I'll think about it.
>> 3. Any URL not satisfying one of the above rules is taken
>> to be a static one.
> kHTTPd adds rule 4:
> 4. If the file is executable or non-world-readable
Split that into two rules:
4. If the file is executable.
The fact that a file is executable does not automatically make it a
dynamic URL, but it's probably wise to leave that decision to the
userland server.
5. If the file is non-world readable.
In this case, if it hasn't been caught by the previous rule, then it's
also non-accessible and khttpd should just return "403 Forbidden" or
"404 File Not Found" as preferred. You can check this out for yourself
quite easily as http://www.memalpha.cx/test.html is just such a file,
a valid web page with mode 600.
>> ...and rule 2 suggests the use of /proc/sys/khttpd as a file to
>> specify the directory names to look for in rule 2, with the
>> default contents being the same as the squid defaults.
> Good idea. I'll try to implement it this weekend.
It's probably a good idea to make that a general configuration file
for khttpd with rules of the form...
Q> dynamic='cga-bin'
Q> hide-403=no
...where the first line specifies the directories that are considered
signs of a dynamic URL and the second specifies whether to allow the
return codes to leak information about inaccessible files. Add other
lines as needed.
Alternatively, make /proc/sys/khttpd a directory with files therein
/proc/sys/khttpd/options with lines like "hide-403=no" in it, and
/proc/sys/khttpd/dynamic-directories containing a list of the names of
directories that have dynamic content.
One final point: How will khttpd handle virtual hosting, or doesn't
it handle that?
Best wishes from Riley.
+----------------------------------------------------------------------+
| There is something frustrating about the quality and speed of Linux |
| development, ie., the quality is too high and the speed is too high, |
| in other words, I can implement this XXXX feature, but I bet someone |
| else has already done so and is just about to release their patch. |
+----------------------------------------------------------------------+
* ftp://ftp.MemAlpha.cx/pub/rhw/Linux
* http://www.MemAlpha.cx/kernel.versions.html
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/