Author: rjung
Date: Sat Dec 20 20:04:28 2014
New Revision: 1647047

URL: http://svn.apache.org/r1647047
Log:
Document new option for configuring handling
of multiple adjacent slashes in request URLs.

Modified:
    tomcat/jk/trunk/conf/httpd-jk.conf
    tomcat/jk/trunk/xdocs/reference/apache.xml
    tomcat/jk/trunk/xdocs/reference/iis.xml
    tomcat/jk/trunk/xdocs/webserver_howto/apache.xml

Modified: tomcat/jk/trunk/conf/httpd-jk.conf
URL: http://svn.apache.org/viewvc/tomcat/jk/trunk/conf/httpd-jk.conf?rev=1647047&r1=1647046&r2=1647047&view=diff
==============================================================================
--- tomcat/jk/trunk/conf/httpd-jk.conf (original)
+++ tomcat/jk/trunk/conf/httpd-jk.conf Sat Dec 20 20:04:28 2014
@@ -48,6 +48,12 @@ LoadModule jk_module modules/mod_jk.so
     # Since: 1.2.24
     # JkOptions +RejectUnsafeURI
 
+    # This option will collapse multiple adjacent slashes
+    # in request URLs before looking for mount or unmount
+    # matches.
+    # Since: 1.2.41
+    # JkOptions +CollapseSlashesAll
+
     # After setting JkStripSession to "On", mod_jk will
     # strip all ";jsessionid=..." from request URLs it
     # does *not* forward to a backend.
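Review bot: The comment added above `# JkOptions +CollapseSlashesAll` documents only the `All` variant and never states the default. A reader of this sample file alone cannot tell that leaving the line commented out still collapses slashes for unmount matching, which the reference text in this same commit gives as the default (`CollapseSlashesUnmount`). Suggest adding a "Default: CollapseSlashesUnmount" line and naming `CollapseSlashesNone` as the setting that disables collapsing, with a pointer to the reference page for its risk.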

Modified: tomcat/jk/trunk/xdocs/reference/apache.xml
URL: http://svn.apache.org/viewvc/tomcat/jk/trunk/xdocs/reference/apache.xml?rev=1647047&r1=1647046&r2=1647047&view=diff
==============================================================================
--- tomcat/jk/trunk/xdocs/reference/apache.xml (original)
+++ tomcat/jk/trunk/xdocs/reference/apache.xml Sat Dec 20 20:04:28 2014
@@ -773,6 +773,31 @@ but also slightly more complicated.
 </p>
 
 <p>
+JkOptions <b>CollapseSlashesAll</b> will collapse multiple
+adjacent slashes in request URLs before looking for mount or unmount
+matches.
+<br/>
+<br/>
+</p>
+
+<p>
+JkOptions <b>CollapseSlashesUnmount</b> will collapse multiple
+adjacent slashes in request URLs only before looking for unmount
+matches. This is the default value.
+<br/>
+<br/>
+</p>
+
+<p>
+JkOptions <b>CollapseSlashesNone</b> will never collapse multiple
+adjacent slashes in request URLs before looking for mount or unmount
+matches. Using this value might make you vulnerable for attacks
+bypassing your unmount rules.
+<br/>
+<br/>
+</p>
+
+<p>
 JkOptions <b>ForwardDirectories</b> is used in conjunction with 
<b>DirectoryIndex</b>
 directive of Apache web server. As such mod_dir should be available to Apache,
 statically or dynamically (DSO)
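Review bot: None of the three new paragraphs says in which version the options appeared, although the httpd-jk.conf comment in this commit carries "Since: 1.2.41" and the iis.xml text says "This directive has been added in version 1.2.41". Add the same version note here, and say in the `CollapseSlashesUnmount` paragraph that this default is a behaviour change (iis.xml states collapsing was never done before 1.2.41), so administrators upgrading know their unmount matching changes. In the `CollapseSlashesNone` paragraph, "vulnerable for attacks" should read "vulnerable to attacks".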

Modified: tomcat/jk/trunk/xdocs/reference/iis.xml
URL: http://svn.apache.org/viewvc/tomcat/jk/trunk/xdocs/reference/iis.xml?rev=1647047&r1=1647046&r2=1647047&view=diff
==============================================================================
--- tomcat/jk/trunk/xdocs/reference/iis.xml (original)
+++ tomcat/jk/trunk/xdocs/reference/iis.xml Sat Dec 20 20:04:28 2014
@@ -201,6 +201,24 @@ or any string starting with "F" or "f".
 </p>
 <p>This directive has been added in version 1.2.24</p>
 </attribute>
+<attribute name="collapse_slashes" required="false"><p>
+One of the string values "all", "none" or "unmount".
+It controls whether multiple adjacent slashes in request URLs are
+collapsed before looking for a mount or unmount match.
+</p>
+<p>
+Value "all" will result in collapsing before mount and unmount
+checks, value "none" will result in never collapsing, value
+"unmount" will check mount rules without collapsing but unmount
+with collapsing.
+</p>
+<p>
+Before version 1.2.41 collapsing was never done. Starting with
+version 1.2.41 collapsing before looking for unmount matches
+is the default to prevent easy bypassing of unmount rules.
+</p>
+<p>This directive has been added in version 1.2.41</p>
+</attribute>
 <attribute name="watchdog_interval" required="false"><p>
 A DWORD value representing the watchdog thread interval in seconds.
 The workers are maintained periodically by a background thread
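Review bot: The `collapse_slashes` text does not say whether "all", "none" and "unmount" are matched case-sensitively, or what happens when the value is unrecognised, whereas the neighbouring attribute spells out its accepted forms ("or any string starting with "F" or "f""). Because the setting exists to prevent bypassing of unmount rules, the accepted spellings and the fallback value should be stated explicitly. The default is also only mentioned in the third, historical paragraph; naming it in the first paragraph next to the list of values would be easier to find. The phrase "will check mount rules without collapsing but unmount with collapsing" would read better as "collapses only before checking unmount rules".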

Modified: tomcat/jk/trunk/xdocs/webserver_howto/apache.xml
URL: http://svn.apache.org/viewvc/tomcat/jk/trunk/xdocs/webserver_howto/apache.xml?rev=1647047&r1=1647046&r2=1647047&view=diff
==============================================================================
--- tomcat/jk/trunk/xdocs/webserver_howto/apache.xml (original)
+++ tomcat/jk/trunk/xdocs/webserver_howto/apache.xml Sat Dec 20 20:04:28 2014
@@ -570,6 +570,31 @@ but also slightly more complicated.
 </p>
 
 <p>
+JkOptions <b>CollapseSlashesAll</b> will collapse multiple
+adjacent slashes in request URLs before looking for mount or unmount
+matches.
+<br/>
+<br/>
+</p>
+
+<p>
+JkOptions <b>CollapseSlashesUnmount</b> will collapse multiple
+adjacent slashes in request URLs only before looking for unmount
+matches. This is the default value.
+<br/>
+<br/>
+</p>
+
+<p>
+JkOptions <b>CollapseSlashesNone</b> will never collapse multiple
+adjacent slashes in request URLs before looking for mount or unmount
+matches. Using this value might make you vulnerable for attacks
+bypassing your unmount rules.
+<br/>
+<br/>
+</p>
+
+<p>
 JkOptions <b>ForwardDirectories</b> is used in conjunction with 
<b>DirectoryIndex</b>
 directive of Apache web server. As such mod_dir should be available to Apache,
 statically or dynamically (DSO)
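Review bot: The three paragraphs never say that `CollapseSlashesAll`, `CollapseSlashesUnmount` and `CollapseSlashesNone` are alternatives for a single setting, nor which one takes effect if more than one is given in JkOptions. A one-sentence introduction before the `CollapseSlashesAll` paragraph would cover both. The text is otherwise identical to the reference/apache.xml hunk, so the "vulnerable for attacks" wording and the missing 1.2.41 version note apply here as well.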


