Not handling coral-no-serve response correctly
sethcohn - May 19, 2008 - 17:57
| Project: | Coral Defender |
| Version: | 5.x-1.0 |
| Component: | Code |
| Category: | bug report |
| Priority: | critical |
| Assigned: | Andrew M Riley |
| Status: | patch (reviewed & tested by the community) |
Description
See http://www.cs.nyu.edu/pipermail/coral-announce/2005q1/000010.html
First, when Coral redirects a client back to the origin server, it appends
a "?coral-no-serve" to the end of the URL, i.e.,
http://www.example.net/foo --> http://www.example.net/foo?coral-no-serve
An unmodified server (i.e., not running any dynamic cgi script) will
safely ignore this additional query string; it simply serves the file
"foo". So, basic servers will not require any changes to handle this
query-string added by Coral.
However, if servers use Apache's mod_rewrite to redirect all non-Coral
requests to Coral, they need to be careful to check that no query
"?coral-no-serve" is present. Consider the following message flow:
client -> server: http://example.net/
server redirects client
client -> coral: http://example.net.nyud.net:8090/
coral redirects client
client -> server: http://example.net/?coral-no-serve
Servers ignoring this query-string and redirecting the client *again* back
to Coral would cause a loop.

Currently, coral_defender does not handle this query response correctly, leading to an endless loop (and then error) as the request bounces between the site and Coral, each passing it to the other... This should be a pretty simple fix: look for the query string, and if found, don't pass off to coral.
This must be fixed in order to properly handle quota limits, or else coral'd endusers fail to reach your pages at all once the problem arises. This makes the module unusable right now.
Doesn't look like the dev version handles this properly either...

#1
Patch to fix this issue. Please review and commit.
Added a check in the condition for coral-no-serve in the query, and if so, don't jump back to Coral.
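
The loop from the description and the check from #1, as an added simulation that is not part of the thread and not coral_defender's code. All function names are hypothetical; the host, port and marker come from the message flow quoted above, and Coral is assumed to be over quota so that it always sends the client back.

```php
<?php
// Added illustration: simulates the redirect flow; hypothetical names throughout.
const NO_SERVE = 'coral-no-serve';

// True when the query string carries the marker Coral appends on redirect-back.
function has_no_serve_marker(string $url): bool {
    $query = (string) parse_url($url, PHP_URL_QUERY);
    return in_array(NO_SERVE, explode('&', $query), true);
}

// Origin decision: returns a Coral redirect target, or null to serve the page.
// Other query parameters are dropped here to keep the simulation short.
function origin_response(string $url, bool $checkMarker): ?string {
    if ($checkMarker && has_no_serve_marker($url)) {
        return null; // Coral sent the client back: serve locally, do not bounce
    }
    $p = parse_url($url);
    return 'http://' . $p['host'] . '.nyud.net:8090' . ($p['path'] ?? '/');
}

// Coral (assumed over quota): redirect to the origin with the marker appended.
function coral_response(string $url): string {
    $p = parse_url($url);
    $origin = preg_replace('/\.nyud\.net$/', '', $p['host']);
    return 'http://' . $origin . ($p['path'] ?? '/') . '?' . NO_SERVE;
}

// Follow redirects the way a browser would, giving up after $maxHops requests.
function follow(string $url, bool $checkMarker, int $maxHops = 10): array {
    $trace = [];
    for ($hop = 0; $hop < $maxHops; $hop++) {
        $trace[] = $url;
        $host = (string) parse_url($url, PHP_URL_HOST);
        $isCoral = (bool) preg_match('/\.nyud\.net$/', $host);
        $next = $isCoral ? coral_response($url) : origin_response($url, $checkMarker);
        if ($next === null) {
            return ['served' => true, 'trace' => $trace];
        }
        $url = $next;
    }
    return ['served' => false, 'trace' => $trace]; // hop limit hit: redirect loop
}

foreach ([false, true] as $check) {
    $r = follow('http://example.net/', $check);
    printf("marker check %s: served=%s after %d requests\n",
        $check ? 'on' : 'off', $r['served'] ? 'yes' : 'no', count($r['trace']));
    echo '  ' . implode("\n  ", $r['trace']) . "\n";
}
```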
#2
Sorry for the delay, I was on vacation. I will be importing this patch into the devel branch.