[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[myserver-commit] [3019] Possibility to disable a specific HTTP command.
From: |
Giuseppe Scrivano |
Subject: |
[myserver-commit] [3019] Possibility to disable a specific HTTP command. |
Date: |
Mon, 02 Mar 2009 21:27:20 +0000 |
Revision: 3019
http://svn.sv.gnu.org/viewvc/?view=rev&root=myserver&revision=3019
Author: gscrivano
Date: 2009-03-02 21:27:19 +0000 (Mon, 02 Mar 2009)
Log Message:
-----------
Possibility to disable a specific HTTP command.
Modified Paths:
--------------
trunk/myserver/documentation/virtual_hosts.texi
trunk/myserver/include/protocol/http/http.h
trunk/myserver/src/protocol/http/http.cpp
Modified: trunk/myserver/documentation/virtual_hosts.texi
===================================================================
--- trunk/myserver/documentation/virtual_hosts.texi 2009-03-01 18:35:31 UTC
(rev 3018)
+++ trunk/myserver/documentation/virtual_hosts.texi 2009-03-02 21:27:19 UTC
(rev 3019)
@@ -118,15 +118,13 @@
@file{foo/bar/a/file}, everything that follows @file{foo/bar} will be
part of @code{PATH_INFO}.
address@hidden HTTP trace command
-MyServer gives you the option to enable the HTTP TRACE command for
-each virtual host.
address@hidden Disable specific HTTP methods
+MyServer gives you the option to enable or disable HTTP methods
+command for each virtual host. It can be done trought the
address@hidden variable.
-This value can be specified in the global and in the virtual host
-configuration.
+For example, the HTTP TRACE command can be disabled using:
@example
-<DEFINE name="http.allow_trace" value="YES" />
+<DEFINE name="http.trace.allow" value="NO" />
@end example
-
-By default, it's disabled.
Modified: trunk/myserver/include/protocol/http/http.h
===================================================================
--- trunk/myserver/include/protocol/http/http.h 2009-03-01 18:35:31 UTC (rev
3018)
+++ trunk/myserver/include/protocol/http/http.h 2009-03-02 21:27:19 UTC (rev
3019)
@@ -123,9 +123,6 @@
int onlyHeader = 0,
int yetMapped = 0);
- bool allowHTTPTRACE();
-
-
int optionsHTTPRESOURCE(string &filename,
int yetMapped = 0);
@@ -135,6 +132,8 @@
int deleteHTTPRESOURCE(string& filename,
int yetMapped = 0);
+ bool allowMethod(const char *name);
+
int raiseHTTPError(int ID);
int sendHTTPhardError500();
Modified: trunk/myserver/src/protocol/http/http.cpp
===================================================================
--- trunk/myserver/src/protocol/http/http.cpp 2009-03-01 18:35:31 UTC (rev
3018)
+++ trunk/myserver/src/protocol/http/http.cpp 2009-03-02 21:27:19 UTC (rev
3019)
@@ -109,7 +109,7 @@
try
{
HttpRequestHeader::Entry *connection = td->request.other.get("Connection");
- string methods("OPTIONS, GET, POST, HEAD, DELETE, PUT");
+ string methods("OPTIONS, GET, POST, HEAD, DELETE, PUT, TRACE");
HashMap<string, DynamicHttpCommand*>::Iterator it =
staticHttp.dynCmdManager.begin();
while(it != staticHttp.dynCmdManager.end())
@@ -132,17 +132,9 @@
if(connection && connection->value->length())
*td->secondaryBuffer << "\r\nConnection:" << connection->value->c_str()
<< "\r\n";
*td->secondaryBuffer <<"Content-Length: 0\r\nAccept-Ranges: bytes\r\n";
- *td->secondaryBuffer << "Allow: " << methods << "\r\n";
+ *td->secondaryBuffer << "Allow: " << methods << "\r\n\r\n";
- /*!
- *Check if the TRACE command is allowed on the virtual host.
- */
- if (allowHTTPTRACE ())
- *td->secondaryBuffer << ", TRACE\r\n";
-
- *td->secondaryBuffer << "r\n";
-
- /*! Send the HTTP header. */
+ /* Send the HTTP header. */
ret = td->connection->socket->send(td->secondaryBuffer->getBuffer(),
(u_long)td->secondaryBuffer->getLength(), 0);
if( ret == SOCKET_ERROR )
@@ -180,9 +172,6 @@
tmp.intToStr(contentLength, tmpStr, 12);
getRFC822GMTTime(time, HTTP_RESPONSE_DATE_DIM);
- if (!allowHTTPTRACE ())
- return raiseHTTPError (401);
-
td->secondaryBuffer->setLength(0);
*td->secondaryBuffer << "HTTP/1.1 200 OK\r\n";
*td->secondaryBuffer << "Date: " << time << "\r\n";
@@ -218,18 +207,22 @@
}
/*!
- *Check if the host allows the HTTP TRACE command.
+ *Check if the method is allowed.
+ *\param method The HTTP method name.
+ *\return true if it is allowed.
*/
-bool Http::allowHTTPTRACE()
+bool Http::allowMethod(const char *method)
{
- const char *allowTrace = td->securityToken.getHashedData
("http.allow_trace",
-
MYSERVER_VHOST_CONF |
-
MYSERVER_SERVER_CONF, "NO");
+ char name[64];
+ sprintf ("http.%s.allow", method);
+ const char *allow = td->securityToken.getHashedData (name,
+ MYSERVER_VHOST_CONF |
+ MYSERVER_SERVER_CONF,
"YES");
- if (!strcmpi (allowTrace, "YES"))
- return true;
- else
+ if (!strcmpi (allow, "NO"))
return false;
+ else
+ return true;
}
/*!
@@ -1356,10 +1349,9 @@
if(!ret)
{
- /*
- *Here we control all the HTTP commands.
- */
-
+ if (!allowMethod (td->request.cmd.c_str ()))
+ return raiseHTTPError (401);
+
/* GET REQUEST. */
if(!td->request.cmd.compare("GET"))
ret = sendHTTPResource(td->request.uri);
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [myserver-commit] [3019] Possibility to disable a specific HTTP command.,
Giuseppe Scrivano <=