Re: difference on linux advanced server...

From: Paul Bryan (pa_bryan@yahoo.co.uk)
Date: 08/22/02


From: Paul Bryan <pa_bryan@yahoo.co.uk>
To: security-discuss@linuxsecurity.com, "Dharmendra.T" <dharmu@nsecure.net>, "Michael French" <mfrench@ashevillemail.com>
Date: Thu, 22 Aug 2002 23:06:18 +1000


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Is Banner Off a directive? I couldn't see it anywhere in the apache docs. A
search on the apache site for "banner" results in nothing found.

Another way to do it is with a banner-add script. It's not as bad as it
sound.

In Apache, add a rewrite rule to redirect all requests to you banner-add
script:

RewriteRule (.*) /banner-add.php?url=\1

This sends all requests to the banner-add.php script, passing the original
request as in a query string. This will overwrite any query string that was
there before. To avoid this, see the apache URL rewrite documentation.

Another thing to note is that this is an internal redirect ie. the client
never sees this - they just see the original url. Apache just serves up the
new file instead - transperantly to the client. Also, you can put this in a
virutal host directive so it only works on the web sites you want.

Now, for the banner-add script, here's a basic frame-based way of doing
things. There are problems with this, but it should get you started.

<FRAMESET ROWS="10%,90%">
    <FRAME SRC="banner.html">
    <FRAME SRC=<?php echo "\"${url}\"";?>>
</FRAMESET>
 
What this gives you is a two frames - one 10% of the screen with banner.html
as the source - this is your banner. The other frame takes up 90% of the
screen. The php code echo's out the url that was passed as a query string.
This gets returned to the client and forms the source of the main frame. Hey
presto, banner add at the top of every page.

There are problems, like getting a frame within a frame within a frame etc.
but you can code around that fairly easily. Another issue is that when the
browser requests the frame source, apache will see it exactly the same as the
first request and consequently rewrite the URL to the banner script again and
you'll have an endless loop ie. the browser requests the page, gets the
framset back, it then requests the same page as it is one of the frame
sources, it gets another frameset back, it requests the same page again, and
so on. To avoid this you could prepend something to the url eg.

<FRAME SRC=<?php echo "\"banner-${url}\"";?>

Then, back in your apache config add another rewrite rule before the first
one:

RewriteRule ^banner-(.*) \1 [L]
RewriteRule (.*) /banner-add.php?url=\1

The [L] means, if the pattern matches rewrite the url and exit - don't do
anymore rewrites. This is necessary, otherwise apache will drop through to
the next rewrite rule which will call your banner-add script.

This is just a quick solution I knocked up. It's more of a pointer to get
started than anything else. I'm about to look into this myself as well
because a need has just arisen for it. When I find out a good way to do
this, I'll post to this list about it.

You could write your banner-add script in Perl or whatever you like and make
it much more complicated than this simple example.

Hope that helps a bit,
Paul.

On Thu, 22 Aug 2002 18:40, Dharmendra.T wrote:
> On Thursday 22 August 2002 12:04, Michael French wrote:
> You can do this using
> Banner Off
> in Apache
> Regards
> Dharmendra.T
> Linux Security Expert
> www.nsecure.net
> dharmu@nsecure.net
>

- --
Paul Bryan
E-Mail: pa_bryan@yahoo.co.uk
 
PGP Key
http://www.keyserver.net:11371/pks/lookup?op=get&search=0xB1D405DA
For an idea to be fashionable is ominous, since it must afterwards be
always old-fashioned.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE9ZOHN3qGyTLHUBdoRAnAGAJ9C9R0xNnfIZ8fvPCp9T8yz5g83twCgvnSE
Zc5RoES9QPrlJP9whJVLwZc=
=n37/
-----END PGP SIGNATURE-----
------------------------------------------------------------------------
     To unsubscribe email security-discuss-request@linuxsecurity.com
         with "unsubscribe" in the subject of the message.