Added the ability to put new handlers before other handlers in the handler chain for a uri.

git-svn-id: svn+ssh://rubyforge.org/var/svn/mongrel/trunk@144 19e92222-5c0b-0410-8929-a290d50e31e9
2022-11-09 13:48:40 -05:00 · 2006-04-04 05:24:55 +00:00 · 2006-04-04 05:24:55 +00:00 · d649d856eb
commit d649d856eb
parent 08b5169a10
6 changed files with 166 additions and 12 deletions
--- a/doc/site/src/default.template
+++ b/doc/site/src/default.template
@ -47,6 +47,19 @@

        <dl>

+          <dt>Apr-3-2006</dt>
+          <dd>
+            <h5><a href="{relocatable: news.html}">Mongrel 0.3.12.1 -- Iron Mongrel</a></h5>
+
+            <p>This release is the result of pounding the crap out of Mongrel since the
+	    last release to make it more robust in the face of really bad traffic.  It is
+	    pretty ruthless so people should test and report if it's too ruthless.</p>
+
+	      <a href="http://rubyforge.org/frs/?group_id=1306" title="Downloads">Download</a>
+	      <a href="{relocatable: news.html}"><img src="{relocatable: images/li4.gif}" alt="more" /><br /></a></p>
+          </dd>
+
+
          <dt>Mar-30-2006</dt>
          <dd>
            <h5><a href="{relocatable: news.html}">Mongrel 0.3.12 -- Pre-Release</a></h5>
@ -54,6 +67,7 @@
            <p>The official 0.3.12 release of Mongrel is here.  This release is hot, but test test test.
 	      Should support Rails 1.1 and has lots of debugging and tweaks.</p>

+	      <a href="http://rubyforge.org/frs/?group_id=1306" title="Downloads">Download</a>
 	      <a href="{relocatable: news.html}"><img src="{relocatable: images/li4.gif}" alt="more" /><br /></a></p>
          </dd>

@ -138,15 +152,6 @@
 	      <a href="{relocatable: news.html}"><img src="{relocatable: images/li4.gif}" alt="more" /><br /></a></p>
          </dd>

-          <dt>Feb-18-2006</dt>
-          <dd>
-            <h5><a href="{relocatable: news.html}">Mongrel 0.3.5 -- CGI Fixed</a></h5>
-
-            <p>A complete rewrite of the CGIWrapper that actually works.</p>
-	      <a href="http://rubyforge.org/frs/?group_id=1306" title="Downloads">Download</a>
-	      <a href="{relocatable: news.html}"><img src="{relocatable: images/li4.gif}" alt="more" /><br /></a></p>
-          </dd>
-
        </dl>
      </div>
      <hr noshade="noshade" size="1" />
--- a/doc/site/src/images/iron_mongrel.jpg
+++ b/doc/site/src/images/iron_mongrel.jpg
--- a/doc/site/src/images/spaceball.gif
+++ b/doc/site/src/images/spaceball.gif
--- a/doc/site/src/news.page
+++ b/doc/site/src/news.page
@ -7,6 +7,54 @@ ordering: 2

 h1. Latest News

+h2. Apr-3:  Mongrel 0.3.12.1 -- Iron Mongrel
+
+!/images/iron_mongrel.jpg!
+
+This is the Iron Mongrel release.  It is the result of trying to trash Mongrel
+until it can't move and then fixing anything that comes up.  The testing
+methods used are:
+
+# Increased the number of unit tests against the main C parts.
+# Write several tests against Mongrel's parser which throw it tons of random data.
+# Use "Peach Fuzz":http://peachfuzz.sourceforge.net/ to thrash several live apps with randomness.
+# Wrote several extensive little scripts to explore the edges of death for Mongrel.
+# Heavy code audits covering as much code as possible to find any possible loose ends.
+
+The end result is a lot of little fixes which make Mongrel more robust against 
+badly behaving clients and possibly against many potential security risks in 
+the future.  In general Mongrel 0.3.12.1 behaves more consistently compared
+to past releases when given random data or maliciously formatted data.
+
+The main changes are related to how IO is processed and how the HTTP parser rejects
+"bad" input.  What the parser now blocks is:
+
+* Any header over 112k.
+* Any query string over 10k.
+* Any header field value over 80k.
+* Any header field name over 256 bytes.
+* Any request URI greater than 512 bytes.
+
+As soon as these conditions are detected the client is disconnected immediately and a
+log message is printed out listing the IP address, the exact cause, and the data that caused it. I'll 
+remove the data dump later, but I want people to shoot me valid requests that cause parser
+errors.
+
+That's not all though.  I've started a "security":security.html page where I'll publish
+the results of security threats, tests, and improvements as well as any advice for
+folks.
+
+This release also features a few little features here and there:
+
+* Initial support for a "config script".  I'll be documenting this more, but it basically lets you use the Mongrel::RailsConfigurator to augment your application's config via a small script.  Just pass "-S config/mongrel.rb" and put any Mongrel::RailsConfigurator statements that are reasonable.
+* Mongrel will report the correct REMOTE_ADDR variable, but it does a little trick where if there
+is an X-FORWARDED-FOR header then it sets REMOTE_ADDR to that.
+* Fixes for little bugs like double log messages, but not a lot of changes to the overall core.
+
+Go ahead and install the usual way:  gem install mongrel *or* gem upgrade
+
+The logo is courtesy court3nay from irc.freenode.org.
+
 h2. Mar-30:   Mongrel 0.3.12 -- OFFICIAL Release

 This is the long awaited (like 2 weeks) 0.3.12 release of Mongrel.  This release
--- a/doc/site/src/security.page
+++ b/doc/site/src/security.page
@ -0,0 +1,95 @@
+---
+title: News
+inMenu: true
+directoryName: News
+ordering: 2
+---
+
+!/images/iron_mongrel.jpg!
+
+h1. Iron Mongrel Security
+
+This is where I'll be putting security tests, alerts, and advice for people 
+running Mongrel.  I test Mongrel fairly heavily using the following techniques:
+
+# Unit testing what I can.  Mongrel is a server so many tests have to be done "live".
+# Thrashing Mongrel's HTTP parser internally with random or near-random data (called fuzzing).
+# Using "Peach Fuzz":http://peachfuzz.sourceforge.net/ to thrash several live apps with randomness.
+# Running several extensive little scripts to explore the edges of death for Mongrel.
+# Heavy code audits covering as much code as possible to find any possible loose ends.
+
+The end result is a lot of little fixes which make Mongrel more robust against 
+badly behaving clients and possibly against many potential security risks in 
+the future.
+
+
+h2. Mongrels HTTP Restrictions
+
+Many of the exploits out there currently for web servers tend to expoit
+either ambiguous areas of the HTTP grammar, or the lack of size specifications
+in the protocol.  To protect against this Mongrel uses a fairly strict parser,
+but since many browser authors don't read specifications (and hell, who'd want
+to read the mountain of HTTP specifications out there), it can't be too 
+strict.  What it does enforce--apart from well formed headers and request lines--is 
+the following size restrictions on each part:
+
+* Any header over 112k.
+* Any query string over 10k.
+* Any header field value over 80k.
+* Any header field name over 256 bytes.
+* Any request URI greater than 512 bytes.
+
+The large header size and field value is due to cookies being allowed to be so massive.
+It's not too clear whether a browser is allowed to cram all 20 of the 4k cookies
+into one cookie header, or if it should use multiple, but the end result is that
+a web server has to parser at least 112k of garbage before it can declare a client
+malicious.
+
+Now, when I say Mongrel is strict, I don't mean that it will abort on any
+minor little error according to the HTTP 1.1 RFC.  Mongrel's parser is
+pretty forgiving on formats.  Where Mongrel is exact is--as mentioned 
+before--in it's treatment of sizes and boundary characters.  Clients that
+can't even get that right aren't following the most basic safety elements
+of HTTP and you probably shouldn't deal with them.
+
+
+h2. Quiet Things Happens To Bad People
+
+Rather than wasting any more time--and in order to not give out any 
+information to potentially malicious attackers--Mongrel just closes
+the socket immediately.  This may confuse good people, but it's the
+best way to deal with bad requests.
+
+The assumption is that either the requesting client is not functioning
+correctly or it's attempting an attack.  If it's not functioning correctly
+then what's the point of sending back any results?  It probably can't
+parse them anyway.  If it's an attacker then why give them any more
+information?
+
+Caught in the middle are people who are using a poorly written client.
+I'd suggest in those cases that they report the problem to the client's
+authors or contact me to see if it's an error on Mongrel's part.
+
+
+h2. Protocol Error Reporting
+
+The 0.3.12.1 release was the first Iron Mongrel release, but it isn't perfect
+for sure.  To make sure that it doesn't prevent people from making tons of 
+money the 0.3.12.1 release will report what data caused the parser to fail.
+If you see a legit request that causes the parser to choke then send it to
+me and I'll take a look.
+
+In general though, if you are getting bad requests they are probably intentionally
+malicious.  The nice thing about Mongrel's parser is that the detection of
+bad requests isn't based on pattern detection, but rather on just making the
+HTTP protocol more strict to where bad requests get kicked out early.
+
+
+h2. Reporting Security Problems
+
+If you think you've found a security problem with Mongrel, please
+report it to me right away at *zedshaw at zedshaw do com*.  I'm usually
+very responsive and will probably help even if the security problem is
+outside of Mongrel or if you need help securing your system.
+
+
--- a/lib/mongrel.rb
+++ b/lib/mongrel.rb
@ -524,14 +524,20 @@ module Mongrel
    # Simply registers a handler with the internal URIClassifier.  When the URI is
    # found in the prefix of a request then your handler's HttpHandler::process method
    # is called.  See Mongrel::URIClassifier#register for more information.
-    def register(uri, handler)
+    #
+    # If you set in_front=true then the passed in handler will be put in front in the list.
+    def register(uri, handler, in_front=false)
      script_name, path_info, handlers = @classifier.resolve(uri)

      if not handlers
        @classifier.register(uri, [handler])
      else
        if path_info.length == 0 or (script_name == Const::SLASH and path_info == Const::SLASH)
-          handlers << handler
+          if in_front
+            handlers.unshift(handler)
+          else
+            handlers << handler
+          end
        else
          @classifier.register(uri, [handler])
        end
@ -662,7 +668,7 @@ module Mongrel
    # * :handler => Handler to use for this location.
    def uri(location, options={})
      ops = resolve_defaults(options)
-      @listener.register(location, ops[:handler])
+      @listener.register(location, ops[:handler], in_front=ops[:in_front])
    end