[Httpbl-beta] http method matching

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

My last email to list grew longer than planned, so I'll keep this one short.

The first parameter in a HTTPBLRBLReqHandler rule is for matching the type
of the HTTP request - here's the code that makes that test:

static int is_method_accepted_by_rbl_handler(const char* the_method, const unsigned long the_verb_bs)
{
    return  ((httpbl_string_matches(the_method, "GET"    ) && (the_verb_bs & 0x0000001ul)) ||
             (httpbl_string_matches(the_method, "POST"   ) && (the_verb_bs & 0x0000010ul)) ||
             (httpbl_string_matches(the_method, "HEAD"   ) && (the_verb_bs & 0x0000100ul)) ||
             (httpbl_string_matches(the_method, "PUT"    ) && (the_verb_bs & 0x0001000ul)) ||
             (httpbl_string_matches(the_method, "DELETE" ) && (the_verb_bs & 0x0010000ul)) ||
             (httpbl_string_matches(the_method, "OPTIONS") && (the_verb_bs & 0x0100000ul)) ||
             (httpbl_string_matches(the_method, "TRACE"  ) && (the_verb_bs & 0x1000000ul)));
}

Answers on a postcard please as to why only GET and POST ever match
when the_verb_bs has values from 0 to 255 ...

This caused me much confusion while testing, as I typically make
HEAD requests by hand (using nc etc) to view HTTP responses and they
*never failed*.

In similar vein to the category matching bitset problem, there's no way to
have a catch-all for *all* methods not matched elsewhere. Apache 2.2 has
a list of 26 different methods that are recognized - we'll not be fitting
those into our 0-255 bitset!

-jmb
-- 
James Beckett <jm...@ha...> <http://www.hackery.net/jmb/>
F601 C085 1482 B92A C812  556C A985 1497 209B 4E65