From: Joshua Slive
Date: Fri, 8 Apr 2005 20:13:22 +0000 (+0000)
Subject: Change the default setting of UseCanonicalName to off and remove
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5381a672adf66c8dd4835b8ae5c299e0b5155b18;p=thirdparty%2Fapache%2Fhttpd.git

Change the default setting of UseCanonicalName to off and remove
that directive from the default config.

This could use some review because it has potential security
implications. In particular, it could cause cross-site scripting
vulnerabilities if people rely on SERVER_NAME without validating it.
But we have been running with this in our default config file for a
while, and it vastly reduces the confusion that comes from people
setting ServerName incorrectly.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/simple-conf@160595 13f79535-47bb-0310-9956-ffa450edef68
---
diff --git a/docs/conf/extra/httpd-default.conf.in b/docs/conf/extra/httpd-default.conf.in index 5fd1166f16d..02a587c5301 100644 --- a/docs/conf/extra/httpd-default.conf.in +++ b/docs/conf/extra/httpd-default.conf.in @@ -28,6 +28,15 @@ MaxKeepAliveRequests 100 # KeepAliveTimeout 15 +# +# UseCanonicalName: Determines how Apache constructs self-referencing +# URLs and the SERVER_NAME and SERVER_PORT variables. +# When set "Off", Apache will use the Hostname and Port supplied +# by the client. When set "On", Apache will use the value of the +# ServerName directive. +# +UseCanonicalName Off + # # AccessFileName: The name of the file to look for in each directory # for additional configuration directives. See also the AllowOverride diff --git a/docs/conf/httpd.conf.in b/docs/conf/httpd.conf.in index 94baddb274c..a62467b7a70 100644 --- a/docs/conf/httpd.conf.in +++ b/docs/conf/httpd.conf.in 
@@ -97,20 +97,9 @@ ServerAdmin you@example.com # it explicitly to prevent problems during startup. # # If your host doesn't have a registered DNS name, enter its IP address here. -# You will have to access it by its address anyway, and this will make -# redirections work in a sensible way. # #ServerName www.example.com:80 -# -# UseCanonicalName: Determines how Apache constructs self-referencing -# URLs and the SERVER_NAME and SERVER_PORT variables. -# When set "Off", Apache will use the Hostname and Port supplied -# by the client. When set "On", Apache will use the value of the -# ServerName directive. -# -UseCanonicalName Off - # # DocumentRoot: The directory out of which you will serve your # documents. By default, all requests are taken from this directory, but diff --git a/docs/manual/mod/core.xml b/docs/manual/mod/core.xml index f2acbffa5f1..ad8e8b78f67 100644 --- a/docs/manual/mod/core.xml +++ b/docs/manual/mod/core.xml @@ -2956,7 +2956,7 @@ certain events before failing a request Configures how the server determines its own name and port UseCanonicalName On|Off|DNS -UseCanonicalName On +UseCanonicalName Off server configvirtual host directory diff --git a/server/core.c b/server/core.c index 3c72b61cef9..b0e14c4224b 100644 --- a/server/core.c +++ b/server/core.c @@ -876,8 +876,8 @@ AP_DECLARE(const char *) ap_get_server_name(request_rec *r) d = (core_dir_config *)ap_get_module_config(r->per_dir_config, &core_module); - if (d->use_canonical_name == USE_CANONICAL_NAME_OFF) { - return r->hostname ? r->hostname : r->server->server_hostname; + if (d->use_canonical_name == USE_CANONICAL_NAME_ON) { + return r->server->server_hostname; } if (d->use_canonical_name == USE_CANONICAL_NAME_DNS) { @@ -895,7 +895,7 @@ AP_DECLARE(const char *) ap_get_server_name(request_rec *r) } /* default */ - return r->server->server_hostname; + return r->hostname ? r->hostname : r->server->server_hostname; } /*
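
Review bot: The comment block added above `UseCanonicalName Off` in docs/conf/extra/httpd-default.conf.in says Apache "will use the Hostname and Port supplied by the client" but stops short of the consequence the commit message itself raises: with "Off", SERVER_NAME and self-referencing URLs carry a client-supplied value. Suggest one more comment line telling administrators that scripts must validate or escape SERVER_NAME before echoing it. The block also describes only "Off" and "On", while the core.xml syntax line in this same patch lists `UseCanonicalName On|Off|DNS`. Finally, the commit message says the directive is removed from the default config, yet this hunk keeps an explicit `UseCanonicalName Off`; a short remark that the line restates the new compiled-in default would avoid confusion.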
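
Review bot: The docs/manual/mod/core.xml hunk changes only the default line, from `UseCanonicalName On` to `UseCanonicalName Off`, and nothing in the patch adds text to the manual about what the new default means for SERVER_NAME. Since the commit message names cross-site scripting through unvalidated SERVER_NAME as the risk, the directive's documentation should gain a note that under the default the server name and port come from the client and need validation or escaping by CGI and SSI code, with `UseCanonicalName On` as the setting for sites that need the configured ServerName.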
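
Review bot: In server/core.c, the fall-through after `/* default */` in ap_get_server_name() now returns `r->hostname ? r->hostname : r->server->server_hostname`, so every value of `d->use_canonical_name` other than USE_CANONICAL_NAME_ON and USE_CANONICAL_NAME_DNS yields the client-supplied name. Before this change an unexpected value fell through to the configured `r->server->server_hostname`, which was the safer direction. Suggest keeping an explicit test for USE_CANONICAL_NAME_OFF, or at minimum expanding the `/* default */` comment to state that this path is the "Off" behaviour and that the returned string comes from the request and must be escaped by callers that write it into output.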