Re: [Httpbl-beta] http method matching

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

For those of you using the newest revision of the code (r1.5), mod_httpbl.c
now allows you to specify "ALL" instead of a 0-255 bitset.  Internally, this
is stored as the maximum value of a 64bit unsigned integer.

I have done minimal testing with these new changes on Apache 2.0 but
everything looks good.

See my other email(s) on this mailing list for other changes (one which
breaks backwards compatibility).

Regards,
Dave

On 5/30/07, David Wortham <djw...@gm...> wrote:
>
> James,
>    I'm looking into why only GETs and POSTs seem to be matching.
>
>    When we set out to create the module, our intention was to make it HTTP
> 1.0 compatible (which does not provide support for all of the 20-something
> HTTP "verbs" supported in newer versions of the HTTP protocol and in mode
> versatile ).
>
>    Off the top of my head, I would say that the best way to handle the
> plethora of other "verbs" (the lesser used ones) would be to throw them all
> in a catch-all bit.
> On the other hand, the "verb bitset" isn't required to be only 8 bits
> because it is not part of the httpBL system (it is used in mod_httpbl, not
> the underlying DNS system).  Perhaps making a larger bitset in a future
> version of the module is the way to go.
>
> Dave
>
>
> On 5/30/07, James Beckett <jmb...@ha...> wrote:
> >
> > My last email to list grew longer than planned, so I'll keep this one
> > short.
> >
> > The first parameter in a HTTPBLRBLReqHandler rule is for matching the
> > type
> > of the HTTP request - here's the code that makes that test:
> >
> > static int is_method_accepted_by_rbl_handler(const char* the_method,
> > const unsigned long the_verb_bs)
> > {
> >     return  ((httpbl_string_matches(the_method, "GET"    ) &&
> > (the_verb_bs & 0x0000001ul)) ||
> >              (httpbl_string_matches(the_method, "POST"   ) &&
> > (the_verb_bs & 0x0000010ul)) ||
> >              (httpbl_string_matches(the_method, "HEAD"   ) &&
> > (the_verb_bs & 0x0000100ul)) ||
> >              (httpbl_string_matches(the_method, "PUT"    ) &&
> > (the_verb_bs & 0x0001000ul)) ||
> >              (httpbl_string_matches(the_method, "DELETE" ) &&
> > (the_verb_bs & 0x0010000ul)) ||
> >              (httpbl_string_matches(the_method, "OPTIONS") &&
> > (the_verb_bs & 0x0100000ul)) ||
> >              (httpbl_string_matches(the_method, "TRACE"  ) &&
> > (the_verb_bs & 0x1000000ul)));
> > }
> >
> > Answers on a postcard please as to why only GET and POST ever match
> > when the_verb_bs has values from 0 to 255 ...
> >
> > This caused me much confusion while testing, as I typically make
> > HEAD requests by hand (using nc etc) to view HTTP responses and they
> > *never failed*.
> >
> > In similar vein to the category matching bitset problem, there's no way
> > to
> > have a catch-all for *all* methods not matched elsewhere. Apache 2.2 has
> > a list of 26 different methods that are recognized - we'll not be
> > fitting
> > those into our 0-255 bitset!
> >
> > -jmb
> > --
> > James Beckett <jm...@ha...> <http://www.hackery.net/jmb/>
> > F601 C085 1482 B92A C812  556C A985 1497 209B 4E65
> >
> >
> > -------------------------------------------------------------------------
> > This SF.net email is sponsored by DB2 Express
> > Download DB2 Express C - the FREE version of DB2 express and take
> > control of your XML. No limits. Just data. Click to get it now.
> > http://sourceforge.net/powerbar/db2/
> > _______________________________________________
> > Httpbl-beta mailing list
> > Htt...@li...
> > https://lists.sourceforge.net/lists/listinfo/httpbl-beta
> >
>
>