This patch to Apache 1.3.3 prevents the server from sending file path information on a 500 (Internal Server Error) response. It also fixes a couple cases where 501 (Method Not Implemented) was being misused. ....Roy Fielding Index: main/http_config.c =================================================================== RCS file: /home/cvs/apache-1.3/src/main/http_config.c,v retrieving revision 1.134 diff -u -r1.134 http_config.c --- http_config.c 1998/09/26 00:07:08 1.134 +++ http_config.c 1998/10/30 22:06:36 @@ -479,7 +479,7 @@ const char *handler; char *p; size_t handler_len; - int result = NOT_IMPLEMENTED; + int result = HTTP_INTERNAL_SERVER_ERROR; if (r->handler) { handler = r->handler; @@ -509,7 +509,7 @@ } } - if (result == NOT_IMPLEMENTED && r->handler) { + if (result == HTTP_INTERNAL_SERVER_ERROR && r->handler) { ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_WARNING, r, "handler \"%s\" not found for: %s", r->handler, r->filename); } @@ -526,7 +526,7 @@ } } - return NOT_IMPLEMENTED; + return HTTP_INTERNAL_SERVER_ERROR; } /* One-time setup for precompiled modules --- NOT to be done on restart */ Index: main/http_protocol.c =================================================================== RCS file: /home/cvs/apache-1.3/src/main/http_protocol.c,v retrieving revision 1.246 diff -u -r1.246 http_protocol.c --- http_protocol.c 1998/10/19 05:59:35 1.246 +++ http_protocol.c 1998/10/30 22:06:36 @@ -2297,10 +2297,13 @@ ap_escape_html(r->pool, r->uri), " evaluated to false.

\n", NULL); break; - case NOT_IMPLEMENTED: + case HTTP_NOT_IMPLEMENTED: ap_bvputs(fd, ap_escape_html(r->pool, r->method), " to ", ap_escape_html(r->pool, r->uri), " not supported.

\n", NULL); + if ((error_notes = ap_table_get(r->notes, "error-notes")) != NULL) { + ap_bvputs(fd, error_notes, "

\n", NULL); + } break; case BAD_GATEWAY: ap_bputs("The proxy server received an invalid\015\012", fd); @@ -2387,9 +2390,19 @@ "caused the error.

\n" "More information about this error may be available\n" "in the server error log.

\n", NULL); - if ((error_notes = ap_table_get(r->notes, "error-notes")) != NULL) { - ap_bvputs(fd, error_notes, "

\n", NULL); - } + /* + * It would be nice to give the user the information they need to + * fix the problem directly since many users don't have access to + * the error_log (think University sites) even though they can easily + * get this error by misconfiguring an htaccess file. However, the + * error notes tend to include the real file pathname in this case, + * which some people consider to be a breach of privacy. Until we + * can figure out a way to remove the pathname, leave this commented. + * + * if ((error_notes = ap_table_get(r->notes, "error-notes")) != NULL) { + * ap_bvputs(fd, error_notes, "

\n", NULL); + * } + */ break; } Index: modules/proxy/mod_proxy.c =================================================================== RCS file: /home/cvs/apache-1.3/src/modules/proxy/mod_proxy.c,v retrieving revision 1.62 diff -u -r1.62 mod_proxy.c --- mod_proxy.c 1998/09/08 21:15:55 1.62 +++ mod_proxy.c 1998/10/30 22:06:37 @@ -397,7 +397,7 @@ if (strcasecmp(scheme, "ftp") == 0) return ap_proxy_ftp_handler(r, cr, url); else - return NOT_IMPLEMENTED; + return HTTP_FORBIDDEN; } /* -------------------------------------------------------------- */