- From: Drazen Kacar <Drazen.Kacar@public.srce.hr>
- Date: Wed, 4 Dec 1996 08:21:00 +0100 (MET)
- To: Shel Kaphan <sjk@amazon.com>
- Cc: mogul@pa.dec.com, http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
Shel Kaphan wrote:
> Yes, sure. You'd have to resort to unreliable heuristic techniques to
> pick out such URLs. In fact, you're likely to have already considered
> them in one of your other categories, since they are more likely to
> show up as invocations of CGI programs and the like, rather than
> static ".html" URLs -- *something* on the server end has to interpret
> or strip off the unique part of the URL. Unless the http server
> itself has been hacked, it will be a CGI program or the moral
> equivalent.
There are servers you don't have to hack. They were written by hackers.
Phttpd, for example, has this nice thing called URL rewriting. Basicaly,
the first thing the server does is checking if the requested URL is
matched by one of rewriting pattern and if so, it changes it according to
rewriting rule. For example, I can have this pair:
/*/xexe/*.html /cgi-bin/script/%{-}
which will translate http://my.host/~dave/xexe/cacheme.html to
http://my.host/cgi-bin/script/~dave/xexe/cacheme.html
User agent will always see the URL before rewriting and server will invoke
CGI which will receive original URL via PATH_INFO (and PHTTPD_ORIG_URL as
well :) env variable(s). Phttpd is being run on a little more than 100
hosts, so I suppose you won't encounter this often, but I think that
Apache 1.1 can do crippled version of the magick with Action directive.
--
Life is uncacheable sexually transmitted disease.
dave@fly.cc.fer.hr
dave@zemris.fer.hr
Received on Tuesday, 3 December 1996 23:33:08 UTC