Re: [Httpbl-beta] http method matching

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

James,
   I'm looking into why only GETs and POSTs seem to be matching.

   When we set out to create the module, our intention was to make it HTTP
1.0 compatible (which does not provide support for all of the 20-something
HTTP "verbs" supported in newer versions of the HTTP protocol and in mode
versatile ).

   Off the top of my head, I would say that the best way to handle the
plethora of other "verbs" (the lesser used ones) would be to throw them all
in a catch-all bit.
On the other hand, the "verb bitset" isn't required to be only 8 bits
because it is not part of the httpBL system (it is used in mod_httpbl, not
the underlying DNS system).  Perhaps making a larger bitset in a future
version of the module is the way to go.

Dave

On 5/30/07, James Beckett <jmb...@ha...> wrote:
>
> My last email to list grew longer than planned, so I'll keep this one
> short.
>
> The first parameter in a HTTPBLRBLReqHandler rule is for matching the type
> of the HTTP request - here's the code that makes that test:
>
> static int is_method_accepted_by_rbl_handler(const char* the_method, const
> unsigned long the_verb_bs)
> {
>     return  ((httpbl_string_matches(the_method, "GET"    ) && (the_verb_bs
> & 0x0000001ul)) ||
>              (httpbl_string_matches(the_method, "POST"   ) && (the_verb_bs
> & 0x0000010ul)) ||
>              (httpbl_string_matches(the_method, "HEAD"   ) && (the_verb_bs
> & 0x0000100ul)) ||
>              (httpbl_string_matches(the_method, "PUT"    ) && (the_verb_bs
> & 0x0001000ul)) ||
>              (httpbl_string_matches(the_method, "DELETE" ) && (the_verb_bs
> & 0x0010000ul)) ||
>              (httpbl_string_matches(the_method, "OPTIONS") && (the_verb_bs
> & 0x0100000ul)) ||
>              (httpbl_string_matches(the_method, "TRACE"  ) && (the_verb_bs
> & 0x1000000ul)));
> }
>
> Answers on a postcard please as to why only GET and POST ever match
> when the_verb_bs has values from 0 to 255 ...
>
> This caused me much confusion while testing, as I typically make
> HEAD requests by hand (using nc etc) to view HTTP responses and they
> *never failed*.
>
> In similar vein to the category matching bitset problem, there's no way to
> have a catch-all for *all* methods not matched elsewhere. Apache 2.2 has
> a list of 26 different methods that are recognized - we'll not be fitting
> those into our 0-255 bitset!
>
> -jmb
> --
> James Beckett <jm...@ha...> <http://www.hackery.net/jmb/>
> F601 C085 1482 B92A C812  556C A985 1497 209B 4E65
>
> -------------------------------------------------------------------------
> This SF.net email is sponsored by DB2 Express
> Download DB2 Express C - the FREE version of DB2 express and take
> control of your XML. No limits. Just data. Click to get it now.
> http://sourceforge.net/powerbar/db2/
> _______________________________________________
> Httpbl-beta mailing list
> Htt...@li...
> https://lists.sourceforge.net/lists/listinfo/httpbl-beta
>