IntrFilt V1.06 Summary of Changes


Changes made in 1.06b

=====================

Fix !TEST option to turn on trace

Correct error in cgi authorisation checking

Force Challenge to exit immediately when WWW_Authenticate issued

Remove "Location" header fom SIBO response - problem with IE3

Add Return code logging - missed out from SIBO processing

cgi interface changed to do issue redirect when Location header found

Changes from version 1.05c to 1.06a

===================================

Provided stats command file to produce NCSA statistics and run wusage

Added Password file and Authorised Path update cgi programs

Added Authorisation checking on Path_Info for cgi, only checked once,

If the cgi url has been checked and "authorised", the Path-Info is not checked

Changes to the Directory structure and files for Authorisation

Added support for echo, fsize and flastmod to ssi

Included polygon code for click maps

Added capture of user-agent and referrer to the log

Moved VHost processing to before Redirection

Error setting path for cgi programs fixed

Socket Error 1022 - Possibly when data size is too large

change Process to send/receive in 1500 chunks

Possibly include Error templates

Changed tempfile to $txn_port from $txn.port

Added support for Perl cgi scripts using .pl suffix

External MediaType definition (in Globals.80)

Authorisation checking on sibo objects (and cgi-sibo?)

Bug where http://host (with no / etc) and index.html exists, the server returns 404 not found rather than index.html

Now correctly returns index.htm or index.html.


Changes in Version 1.05b

=======================

Fixed error where sibo damaged by embedded "."

Added user audit for http response code "U R response Text"

Changed user audit for www-authenticate "U A Realm User"

Improved the HTTP response codes usage


Version 1.05 Summary of Changes

Global.!dir (home directory path) is no longer used

Global.!cgiPath is no longer used

Global.!cgiHome is now set in Alias/ no longer used

Complete re-write of Alias function to mirror IBM Connection Server

Authorise changed to return 1 for success 0 not unauthorised

Authorise now validates against the url, and not the translated path.

Control of valid paths is done in Alias function

Included capture of url starting with ! for controlling the server

A URL of "!Refresh_Globals" - Reloads the globals

added Realm "admin" covering "!"

Fixed bug in click map where loop could occur

added "NVM" suffix for click maps (used by Navipress/GNNPress/AOLPress)

added ';' comment line delimeter for maps

BUG

fixed bug where clickmap redirect returns true hostname, not vhost defined alias

Added translation of "/" url when HOST: header is present to redirect to

the host's directory. Searches for directory that matches first part of the

Host name.

HTMLSwitch tests not done if value =''

Changed response code of "Objects" from 201 Created to 200 OK, because NS3 doesn't seem to like 201!


IntrFilt V1.04 Summary of Changes

The HTML version switching software was developed as a result of suggestions from Terrance Linden, who also provided me with the initial data on Browser names and HTML levels.

The sample globals file contains the information I have to date on HTML levels supported by different browsers. I have not been able to test many of these, please feed back any comments, errors or additions.

The cgi interface has been tested for compatability using the IBM Connection Server as a standard for comparison. The sample REXX cgi scripts are the only ones tested so far. I do not suggest you install them for Public access as they both offer potential security breaches:

The "test" filter exposes you OS/2 environment for public scrutiny, so if you have for example telnet enabled, your password will become visible to the whole world!

The "dir" exposes your entire (web document) directory structure regardless of authorisation, even though you annot download a file unless you pass the basic authorisation. It also allows entries "../../" to get back to the root of the disk!


|- Redirection -|- Hosts -|- Authorisation -|- Click Maps -|- Business Objects -|- Archiving -|- Globals -|- HTML Level Switching -|- cgi Processing -|

Designed by and Copyright 1996 Derek Sims