This document outlines the steps followed by SRE-http when a new
request is received. The goal is to provide a general outline,
without
burdening the reader with the details of how it actually works. That is,
some familiarity with the various SRE-http parameters is assumed, or
a willingness to check the main documentation
or the description of the initialization parameters !
- Image map requests
The request string is compared against the NCSA_ISMAP and CERN_ISMAP variables.
If a match is found, the image map routine is called, which invokes a redirection to
the chosen URL.
Note that the MAX_POINTDIST variable
is used by the image map routines.
Note that HTACCESS is never checked for image map requests (but
HTML documents that contain clickable images are subject to HTACCESS controls!)
- CGI-BIN requests.
If a GET or POST request starts with a CGI-BIN/, and the CGI_BIN_DIR
variable is set, then the request is assumed to be a CGI-BIN requests.
- The alias file is checked again, this time for a match for a matching
CGI-BIN script name. If found, the alias entry should contain the fully qualified directory
containing the CGI-BIN script. If not found, the CGI-BIN script is assumed to
be in the CGI_BIN_DIR directory. Exception: If the CGI-BIN portion
of the request selector is preceeded by a directory entry, then this
subdirectory (of CGI_BIN_DIR), or this virtual directory, will be used.
- The CGI-BIN processor is called, and the results from the CGI-BIN script
are returned (or an error message if no such script exists).
Notes:
- There are 2 variants of the CGI-BIN processor -- a standard CGI-BIN
script processor, and a (somewhat experimental) "send output as it is generated"
script processor. The
CGI_BIN_PIECES parameter, and the !CGI-BIN_n
special directives control which one is used.
- Jump to the post-filter step.
- Special Requests
If the request starts with a !, then one of the several special request
might be processed.
- The valid special requests are:
ping, statistics, host, reset, save, and variable.
Save,reset, and variable require SUPERUSER or CONTROL privileges.
Otherwise,an error response is returned.
- The !DIR special request will create a directory listing.
It looks at the DIR_OPTIONS and DIR_EXCLUSION parameters
for options. It also will check the "directory cache" for a match to
the requested directory, and use it if possible.
- Several special directives are also recognized:
- !SENDAS_type_subtype/sel is used to force SRE-http to return
the sel with a content-type:type/subtype response
header (that is, the normal SRE-http methods for determining MIME type
are suppressed).
- !DELSEND/filename.ext will transfer a file
from the TEMPFILE_DIR, and then delete it.
- If a !RANGE special directive is found, then only the indicated
range of the resource will be sent (this can be partially suppressed with the
RANGE_AT_END variable).
- !FORCE/asel will force a logon, and will
suppress use of the SSI-Cache.
- For special requests: Jump to the post-filter step.
For special directives: preceed to GET step
- GET and HEAD requests
HEAD requests are treated the same as GET requests -- except for the
"minor" detail that the actual contents of the response is not sent!
There are 4 classes of GET (and HEAD) requests.
- Request for non-html files.
The request selector is matched to a file, using the data directory
or a local or remote virtual directory. If DO_HTACCESS is
on, then check appropriate HTACCESS file(s) for access privileges.
- Requests for Html files.
The request selector is matched to a file, using the data directory
or a local or remote virtual directory. If DO_HTACCESS is
on, then check the appropriate HTACCESS file(s) for access privileges.
- HTML files are recognized by extensions of .HTM, .HTML, .SHT,
.SHTML, or .HTML-SSI. You may add to the list of HTML file "extensions"
by modifying MEDIATYP.RXX (MEDIATYP.RXX can also be used to add new
MIME type definitions). You can also change the "server side includes allowed"
list by modifying the SSI_EXTENSIONS variable.
Lastly, you can use MIME advanced option
to explicitily specify the mime type.
- On GET requests: If AUTO_HEADER="ALWAYS", then
LINK, NAME and META-EQUIV elements in the HEAD are used to create
extra response headers (for HEAD method requests, this header extraction
will occur if AUTO_HEADER='ALWAYS' or 'HEAD')
- If SSI_SHTML_ONLY is on, then check the
SSI_EXTENSIONS (the "server side includes allowed" list) to
see if this file can have server side includes added.
Otherwise, all HTML files are checked for
server side includes. In both cases, if NO_INCLUDE is on,
or a NO_SSI
permission applies to the selector, server side processing will not occur.
However, a YES_SSI SEL-specific permission forces SRE-http
to check an HTML document for server side includes (YES_SSI overrides
NO_SSI, NO_INCLUDE, and SSI_SHTML_ONLY).
- If SSI_CACHE_ON is on, then check to see if the
SSI-Cache contains an entry for this file. If it does, either send it
"as is", or use it in the following steps.
- If the advanced options are enabled, check for SSI_suppression
directives.
- If the request selector includes a ? followed by a text string, the text
string is assumed to contain OPTIONS, which can be used
in server side includes.
- Searchable indices, which are often specified as HTML files followed
by ?string, should be interpreted through the use of an alias (the alias
maps the request for an HTML file to a call to an appropriate external
program, such as DOSEARCH).
- Note that server side includes are processed recursively
- REPLACE_RULES, specified in INITFILT.80 and in the advanced-options file,
can be used to replace strings anywhere in an HTML file.
- The DELIM_1. and DELIM_2 variables
are used to define keyphrases
- The following variables may be used for various server side includes:
HEADERS., FOOTERS., INHOUSE., SUPERUSER., WEBMASTER, OPTION_HIT_LINE
. In addition, the REPSTRGS_FILE
may be checked for custom written "static REPLACEment strings".
- The COUNTER_FILE may be used to record the
"number of hits" -- after checking the repetitive hits cache
(the repetitive hits cache is configured by
the HIT_CACHE_LEN, HIT_CACHE_DURATION,
and HIT_OWNER_SUPPRESS variables).
- If NO_INTERPRET_CODE is on, or a NO_CODE permission applies to this
request, then SELECT and INTERPRET CODE keyphrases are ignored.
- Dynamic privileges can be added by using ADDPRIVS.RXX in an INTERPRET FILE
keyphrase.
Note that the added client privilege is modified by the
ADD_PRIVS_PREFIX variable.
- Secret privileges (that start with a ?) will be extracted (and reported
to addons along with "regular" privileges)
- If advanced options are enabled, HEADER and
RESPONSE directives are processed. In addition, see if a "selector specific"
mimetype was specified.
- Lastly, the HTML document (perhaps with server side includes) is returned
to the client.
- Server side processing requests
For GET, HEAD, and (depending on how the addon is written) POST requests,
SRE-http will check several conditions before returning the response. These include:
- If-modified-since, If-unmodified-since, If-Match, and If-none-match
"conditional get" request headers are checked. If they should be relevant
(say, a resource is older then the if-modified-since date), then the
contents of the resource may not be returned (for example, a 304 Unmodified
response may be returned).
- If specified, delta-encoding
may be attempted. Furthermore, the current
"instance" of the resource (the actual response body) may be saved
(in the TEMP\DELTAS) directory for possible use in a future delta-encoded
response.
- Appropriate cache and expiration header will be added (whose values
wil depend on the temporariness, and the accessiblity, of the resource). In particular,
for "temporary files", an offset (set by the FIX_EXPIRE variable) may be added to
the current time, and then used in the Expires header.
- A Content-MD5 digest may be added (if CONTENT_MD5>0)
- If the CE_GZIP parameter is enabled, or a CE_GZIP advanced option applies
to this selector, then the response is GZIPped and a GZIP content-encoding
header is added. This is not attempted if a GZIP content-encoding
header is already present (say, due to content-negotiation).
- If the acceptable transfer encoding request header
indicates that GZIP compression should occur (TE: gzip), and
there is no GZIP content-encoding, then the
contents will be GZIPped,
and the appropriate response header (Transfer-encoding: gzip,chunked)
will be added.
- If SREPROXY is being used, then possibly record some request
information.
cache
- POST requests
POST requests are handled just like GET requests for server side processing.
The only difference is that the argument list is pulled from the "body"
of the request, rather then from the "request selector".
If a "file upload" request occurs, the UPLOAD_MAXSIZE, UPLOAD_MINFREE
and UPLOAD_DIR variables are used.
(note that this applies to GET method transactions also).
If DO_HTACCESS is on, then check any appropriate
HTACCESS file (in the directory tree that contains the program).
For "built in" and "included" programs, the GoServe directory is
checked for an HTACCESS file.
- PUT requests
PUT request (for transfering files to the server) are honored only if
a PUT permission applies to the selector.
If DO_HTACCESS is on, then check any appropriate
HTACCESS file(s) (in the directory-tree that is the target of the PUT).
- DELETE requests
DELETE request (for deleting files on the server) are honored only if
a DELETE permission applies to the selector.
If DO_HTACCESS is on, then check any appropriate
HTACCESS file(s) (in the directory tree that contains the
file to be deleted).