similar to: expires header for .css

I just found a vulnerability in one of my web apps that was running Mongrel 1.1.2 where I could go to URIs like /.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/etc/passwd and it would serve the actual /etc/passwd file. The issue seems to be in lib/mongrel/handlers.rb in the change from 1.0.3 to 1.0.4 req_path = HttpRequest.unescape(path_info) - if @path - req_path =

Hi On my website i m getting B Grade with 87 points. Now i want to make it A and there is a scope to do that. I have added Google Analytics code which is y my gzip component and header expire grade goes to B from A. I need to use Google Analytics so cant i set header expires and gzip that? Another thing is that CDN is not something for a small website. So isnt there a way out where we can set

I have a strange performance issue and have no idea how to find the bottle neck. A page on my site (http://www.neco.com/events/2783239) is taking way too long to load. So I decided to test it out via curl to see how fast it was downloading the page and this is what I got: ben-johnsons-macbook-pro-17:neco-website benjohnson$ time curl -o output.txt http://www.neco.com/events/2783239 % Total %

Is there a pragma to turn off padding or some other mechanism besides dummying up fields to make them char[] to disable padding? Thanks!

hello, i'm using an apache server to host 8 virtual hosts. even though this server is local.. 7 out of these 8 virtual hosts open extremly slow.. it takes around 10 seconds to open a page.. though the 8th (which is a completely different site) it opens fairly fast in around 1 or 2 seconds tops.. i tried tailing the error_log and i found nothing .. is there a way i could monitor wht each

This is a proposed patch for the security hole reported today. You can just add the test for @path being at index 0 in the exanded req_path as shown below. Take heed of the comment I''ve added too, and there was a test for this very attack in the unit test suite, so it was removed by someone as well. I didn''t test this but I''m pretty sure it''s the fix. ===

Jeremy, I found your old message with this title. I struck the same thing, where the current drive wasn''t the same as the drive I wanted to serve (some) files from. So here''s the patch to add to lib/mongrel/handlers.rb contains class DirHandler. I added two things, first to initialize: def initialize(path, listing_allowed=true, index_html="index.html")

Howdy. I''m working on a RoR CMS and need cached pages to all be in public/cache rather than public [in order to set svn:ignore on all the files properly]. I can get page_cache_directory set correctly and the pages are cached in the right place but Mongrel isn''t serving them because it''s only looking for them in public. During development I know I can set -r public/cache

im trying to figure out how to serve a favicon.ico for my app, does anyone have a line for Mongrel::Configurator? all i can see is that everyone seems to use the 404 handler...how boring.. uri "/favico", :handler => Mongrel::DirHandler.new(File.dirname(__FILE__)+"/favicon.ico") is sort of close, but it says The image ?http://m/favicon.ico? cannot be displayed, because it

0 down vote favorite I notice that in my production enviornment (where I have memcached implemented) in see a cache-control - max-age header in firebug, anytime I am looking at an index page (posts for example). Cache-Control max-age=315360000 In my dev environment that header looks like following. Cache-Contro private, max-age=0, must-revalidate As far as I know I have not done anything

A new TRAC entry with patch has been added (initially for Camping) to allow X-SendFile on Windows to use DirHandler to send files on drives other than the current drive, if the DirHandler base path is "/" (which is the way Camping uses DirHandler). As it was, "/" gets expanded to "C:/", and then you can''t serve files on any other drive, which I needed to do

Hi we have samba 3.0.14a on FreeBSD 5.4. We tried with different kind of locking and oplocks (both enabled and disabled). If we try to copy from a Windows XP client a file larger than 3g, we get these error: Cannot copy XXX. The specified network name is no longer available. We traced this problem in the logs (log level 10) and we got this error ------------ [2006/09/19 10:29:41, 5]

Hey Folks, Another announcement of Mongrel -- the fastest little web server library for Ruby yet. This release is nice in that it should build on win32 better and it now sports a small DirHandler that can serve directories and files. This means Mongrel is closer to replacing WEBrick as a Rails debug runner. You can get the releases and information from: *

im using Mongrels to serve up /usr/portage/packages for other gentoo boxen. since i guess im the guinea pig with the DirHandler, ran into a couple issues: first, the client showed no files in the remote binhost, turns out the DirHandler was adding a trailing "/" to every filename, presumably making the client think they were directories, not files. attached is a patch which fixes this

Dears, My Ror setup works.. but I can''t guess why <%= stylesheet_link_tag ''style'' , :media=> ''screen''%> is rended as <link href="/stylesheets/style.css?1154009736" media="screen" rel="Stylesheet" type="text/css" /> What is that number.. any usage ?? Or I misconfigured something ? Thanks

Hi, I wanted to be able to use some Rails code inside CSS files, so I set up a controller (StylesController) to serve CSS files that reside inside the controller''s view folder when the browser requests /stylesheets/:action So in the controller I just define empty actions with the names I want my style sheets in (ie: def cooleffects end - that would respond to

It seems that Merb is sending static files with Mongrel::DirHandler. (mongrel_handler.rb:52) if get_or_head and @files.can_serve(path_info) # File exists as-is so serve it up MERB_LOGGER.info("Serving static file: #{path_info}") @files.process(request,response) I haven''t done benchmarks and I''ve hardly glanced at DirHandler''s code but the

Hello Mongrels, Building on the last messages about Fastthread, can we get a detailed survey of the different ways people are deploying their applications? It will help with near-future Mongrel development. Please include the following things: * Framework, if any (Camping, Merb, Rails, Nitro, Ramaze, IOWA, Rack...) * Mongrel version * Mongrel handlers used (rails, dirhandler, camping,

I am not sure what i am doing wrong here, but no matter what i try i get no output from mongrel_config: $ mongrel_rails configtool $ telnet localhost 3001 Trying 127.0.0.1... Connected to localhost. Escape character is ''^]''. GET /config/ HTTP/1.1 HTTP/1.1 200 OK Connection: close Date: Tue, 19 Dec 2006 05:33:16 GMT Content-Type: text/html Content-Length: 0 Connection closed by

Hello. I just seen some errors in my mongrel application log: It seems related to the httpd OPTIONS keyword Example: Processing LoginController#login (for .30.5.208 at 2007-12-10 09:00:23) [OPTIONS] and our ruby application does not know what to do with it. and finally send an error Does mongrel (which is the http server) is supposed to deal with these kind of request ? I think these