????????
????Boa ?????????????? WEB ??????????????????豸???
?????? Boa ???????????? CGI  ?????????????Щ????
?????????????? Boa ?? CGI ?? Status/Location ????????????????????.
?????汾: ???а汾 (0.94.13)
???????: BOA ???? CGI ????????????????? Status ?? Location
???????????:
????CGI/1.1 ????漲?? CGI ?????????? Status ???? HTTP ?????(?磬 Status: 500 Internal Error) ??
????Location ???е??????? (?磬 Location: www.xxx.com)?? ?????????????????е?λ??.
????Boa ??? Stauts ?? Location ?????????? ??????????????????? Stauts ?? Location ????????е?
????CGI ???. ???? CGI ????????????????? ??????? Boa ???Web Server ?????????.
?????????:
????ASP/PHP/JSP/Perl/... ??? header?? redirect?? ... ????????? Stauts/Location ???????????????
????????????. Boa ?????????? CGI ???????????????.
????????????(??Status/Location????????):
????Apache 1.3.x/2.x         IIS 4.x/5.x/6.X        Boa 0.9x                 thttpd                 mini-httpd
??????????                        ??????                * ???????                 ??????               ??????
??????????
??????????
????CGI ??ó???????????? ???? HTTP ?????????????. ?磬???????????????????????? C ?????
????HTTP/1.0: printf("Pragma: no-cache "); ??
????HTTP/1.1: printf("Cache-Control: no-cache; no-store ");
????????? ???????????????????????? Cookie ??????????(200 OK) ?????????
?????????????????? http ???????? CGI ???????????? "Status: " ?? "Loction: "??
??????Э??漲?? Web ??????????????????? "Status: " ?????????????? ??? "Location: " ???е???????
???????????????? "HTTP/1.0 302 Moved Temporarily " ?? "HTTP/1.1 302 Found ".
???????????????? CGI ????????λ??.
???????? Boa Source Code:
????cgi_header.c  Line 82-136 ???????? Boa ????? CGI ???????У? ???? "Status: "?? "Location: "?? ???????
23
24         int process_cgi_header(request * req)
25         {
26             char *buf;
27             char *c;
28
29             if (req->cgi_status != CGI_DONE)
30                 req->cgi_status = CGI_BUFFER;
31
32             buf = req->header_line;
33
34             c = strstr(buf?? " ");
35             if (c == NULL) {
36                 c = strstr(buf?? " ");
37                 if (c == NULL) {
38                     log_error_time();
39                     fputs("cgi_header: unable to find LFLF "?? stderr);
40         #ifdef FASCIST_LOGGING
41                     log_error_time();
42                     fprintf(stderr?? ""%s" "?? buf);
43         #endif
44                     send_r_bad_gateway(req);
45                     return 0;
46                 }
47             }
48             if (req->simple) {
49                 if (*(c + 1) == ' ')
50                     req->header_line = c + 2;
51                 else
52                     req->header_line = c + 1;
53                 return 1;
54             }
55             if (!strncasecmp(buf?? "Status: "?? 8)) {
56                 req->header_line--;
57                 memcpy(req->header_line?? "HTTP/1.0 "?? 9);
58             } else if (!strncasecmp(buf?? "Location: "?? 10)) { /* got a location header */
59         #ifdef FASCIST_LOGGING
60
61                 log_error_time();
62                 fprintf(stderr?? "%s:%d - found Location header "%s" "??
63                         __FILE__?? __LINE__?? buf + 10);
64         #endif
65
66
67                 if (buf[10] == '/') {   /* virtual path */
68                     log_error_time();
69                     fprintf(stderr??
70                             "server does not support internal redirection: "
71                             ""%s" "?? buf + 10);
72                     send_r_bad_request(req);
73
74                     /*
75                      * We (I?? Jon) have declined to support absolute-path parsing
76                      * because I see it as a major security hole.
77                      * Location: /etc/passwd or Location: /etc/shadow is not funny.
78                      *
79                      * Also?? the below code is borked.
80                      * request_uri could contain /cgi-bin/bob/extra_path
81                      */
82
83                     /*
84                        strcpy(req->request_uri?? buf + 10);
85                        return internal_redirect(req);
86                      */
87                 } else {                /* URL */
88                     char *c2;
89                     c2 = strchr(buf + 10?? ' ');
90                     /* c2 cannot ever equal NULL here because we already have found one */
91
92                     --c2;
93                     while (*c2 == ' ')
94                         --c2;
95                     ++c2;
96                     /* c2 now points to a ' ' or the ' ' */
97                     *c2++ = '