RE: [users@httpd] Environment Variable contamination between vhosts - 1.3.33

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




> -----Original Message-----
> From: Marc Powell [mailto:marc@xxxxxxx]
> Sent: Monday, August 08, 2005 10:28 AM
> To: users@xxxxxxxxxxxxxxxx
> Subject: RE: [users@httpd] Environment Variable contamination between
> vhosts - 1.3.33
> 
> 
> 
> > -----Original Message-----
> > From: Joshua Slive [mailto:jslive@xxxxxxxxx]
> > Sent: Sunday, August 07, 2005 8:50 PM
> > To: users@xxxxxxxxxxxxxxxx
> > Subject: Re: [users@httpd] Environment Variable contamination
between
> > vhosts - 1.3.33
> >
> > On 8/5/05, Marc Powell <marc@xxxxxxx> wrote:
> > > And so forth... We discovered a problem where the HTTPS
environment
> > > variable was incorrectly being set to ON for normal HTTP requests
> for
> > > one of our vhosts running SquirrelMail. Further investigation
> revealed
> > > that a number of environment variables were being
cross-contaminated
> > > between virtual hosts. For example, running phpinfo() under
> VirtualHost
> > > 1.1.1.1 would yield the following on one request (with no
> contamination)
> >
> > The first thing to do is to repeat this test with a standard CGI
> > script that dumps the environment (one is included with apache
httpd).
> >  This will help you figure out if it is a php problem or a general
> > apache problem.
> 
> Thanks for that whack Joshua. I do see the correct information only
when
> using printenv so that does point to PHP specifically at this point. I
> am concerned that I can see variables from other vhosts/requests with
no
> special manipulation on my part but that may be my lack of
understanding
> regarding what information Apache makes available to modules. I'll
> Google some more and see what I can discover related to PHP.

Well... no luck there. PHP's Rasmus Lerdorf said in direct response to
my inquiry --

"These variables are set by Apache and PHP repopulates them on each
request, so I don't really see how PHP could be causing this.

-Rasmus"

I feel like the middleman in a he-said-she-said fight ;) Judging by a
Google search for his name, he should certainly be in the know.

Any other suggestions?

--
Marc

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx



[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux