DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=27039>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=27039 Apache incorrectly deal with .. directory call in URL Summary: Apache incorrectly deal with .. directory call in URL Product: Apache httpd-2.0 Version: 2.0.48 Platform: Sun OS/Version: Other Status: NEW Severity: Normal Priority: Other Component: Core AssignedTo: [email protected] ReportedBy: [EMAIL PROTECTED] My Apache is a reverse proxy server with some virtual hosts defined as the following : <VirtualHost 102.168.1.5:9443> ServerName mywebsite.test.com ErrorLog /var/log/www/mywebsite.error.log CustomLog /var/log/www/mywebsite.access.log combined ProxyRequests Off RewriteEngine On RewriteLog /var/log/www/mywebsite.rewrite.log RewriteLogLevel 9 RewriteRule ^(.*)$ http://mywebsite.test.com$1 [P] ProxyRemote * http://webserver.test.com </VirtualHost> When requesting from my browser : http://mywebsite.test.com/../index.html Apache receive a GET for /../index.html 192.168.1.1- - [18/Feb/2004:16:52:05 +0100] "GET /../index.html HTTP/1.1" 502 122 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)" But when the request is transmitted to mod_rewrite the "/../" sequence has disappeared: 192.168.1.1 - - [18/Feb/2004:16:52:05 +0100] [mywebsite.test.com/sid#100359d88] [rid#1004ef5c0/initial] (2) init rewrite engine with requested uri index. html 192.168.1.1 - - [18/Feb/2004:16:52:05 +0100] [mywebsite.test.com/sid#100359d88] [rid#1004ef5c0/initial] (3) applying pattern '^(.*)$' to uri 'index.html' 192.168.1.1 - - [18/Feb/2004:16:52:05 +0100] [mywebsite.test.com/sid#100359d88] [rid#1004ef5c0/initial] (2) rewrite index.html -> http://mywebsite.test.comindex.html 192.168.1.1 - - [18/Feb/2004:16:52:05 +0100] [mywebsite.test.com/sid#100359d88] [rid#1004ef5c0/initial] (2) forcing proxy-throughput with http://mywebsite.test.comindex.html 192.168.1.1 - - [18/Feb/2004:16:52:05 +0100] [mywebsite.test.com/sid#100359d88] [rid#1004ef5c0/initial] (1) go-ahead with proxy request proxy:http://mywebsite.test.comindex.html [OK] This was not occured when I used apache 1.3 --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
