Bug#765347: Disable SSLv3 in default config
Package: apache2 Version: 2.4.10-5 Severity: wishlist Hi, The shipped mods-available/ssl.conf now contains: # The protocols to enable. # Available values: all, SSLv3, TLSv1, TLSv1.1, TLSv1.2 # SSL v2 is no longer supported SSLProtocol all I propose to change that to !SSLv3. This protocol version is long deprecated and only required to suport rare and insecure platforms like IE6 on XP. Those that really need it can enable it, but having it disabled would be a sane default for Jessie. Cheers, Thijs -- To UNSUBSCRIBE, email to debian-apache-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20141014110628.539.63042.report...@aphrodite.kinkhorst.nl
Bug#718166: a2disconf fails on purge when conf already gone
Package: apache2 Version: 2.4.6-2 Severity: important Hi, My package phpmyadmin uses the apache2-maintscript-helper as documented on the Wiki. On purge, I get subprocess installed post-removal script returned error exit status 1. When running with set -x, it seems to be a2disconf that exits in error: apache2_invoke postrm: Purging state for phpmyadmin + [ -x /usr/bin/logger ] + local LOGGER=/usr/bin/logger -p daemon.info -t phpmyadmin + /usr/bin/logger -p daemon.info -t phpmyadmin apache2_invoke postrm: Purging state for phpmyadmin + a2disconf -p -f -q phpmyadmin dpkg: error processing phpmyadmin (--purge): subprocess installed post-removal script returned error exit status 1 Errors were encountered while processing: phpmyadmin # a2disconf -p -f phpmyadmin ERROR: Conf phpmyadmin does not exist! It seems logical to me that it would exit 0 when disabling a conf that has already disappeared, especially when it's invoked with the force option. cheers, Thijs -- Package-specific info: -- System Information: Debian Release: jessie/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'oldstable') Architecture: amd64 (x86_64) Kernel: Linux 3.10-1-amd64 (SMP w/1 CPU core) Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Shell: /bin/sh linked to /bin/dash Versions of packages apache2 depends on: ii apache2-bin 2.4.6-2 ii apache2-data 2.4.6-2 ii lsb-base 4.1+Debian12 ii mime-support 3.54 ii perl 5.14.2-21 ii procps1:3.3.8-2 Versions of packages apache2 recommends: ii ssl-cert 1.0.32 Versions of packages apache2 suggests: pn apache2-doc none pn apache2-suexec-pristine | apache2-suexec-custom none ii apache2-utils2.4.6-2 pn www-browser none Versions of packages apache2-bin depends on: ii libapr1 1.4.8-1 ii libaprutil1 1.5.2-1 ii libaprutil1-dbd-sqlite3 1.5.2-1 ii libaprutil1-ldap 1.5.2-1 ii libc62.17-7 ii libcap2 1:2.22-1.2 ii libldap-2.4-22.4.31-1+nmu2 ii liblua5.1-0 5.1.5-4 ii libpcre3 1:8.31-2 ii libssl1.0.0 1.0.1e-3 ii libxml2 2.9.1+dfsg1-2 ii perl 5.14.2-21 ii zlib1g 1:1.2.8.dfsg-1 Versions of packages apache2-bin suggests: pn apache2-doc none pn apache2-suexec-pristine | apache2-suexec-custom none pn www-browser none Versions of packages apache2 is related to: ii apache2 2.4.6-2 ii apache2-bin 2.4.6-2 -- Configuration Files: /etc/apache2/ports.conf changed [not included] /etc/apache2/sites-available/000-default.conf [Errno 2] No such file or directory: u'/etc/apache2/sites-available/000-default.conf' /etc/apache2/sites-available/default-ssl.conf [Errno 2] No such file or directory: u'/etc/apache2/sites-available/default-ssl.conf' -- no debconf information -- To UNSUBSCRIBE, email to debian-apache-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20130728092134.26913.98692.report...@flowsel.uvt.nl
Bug#717496: Bug#717448: apache2: Invalid command 'AuthType'
On Sun, July 21, 2013 16:14, Arno Töll wrote: clone 717448 -1 reassign -1 apache2 retitle -1 apache2: Please enable authn_core by default thanks On 21.07.2013 15:59, Thijs Kinkhorst wrote: Does it make sense to allow to use mod_authn_file unconditionally in config files, but not allow authn_core unconditionally? authn_core provides directives that are common to all authentication providers. We can of course discuss this. I'm making a separate issue out of it, as its not directly related to the problem in phpmyadmin. So, let's discuss this. Why would we allow to use directives from the authn_file module without IfModules, but not those from authn_core, which provides facilities that authn_file needs? Or put differently, how does one use authn_file without specifying AuthType? Thijs -- To UNSUBSCRIBE, email to debian-apache-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/baae73ff47ae14aa89331515b93c3375.squir...@aphrodite.kinkhorst.nl
Bug#702866: mod_authn_core not enabled by default
Package: apache2 Version: 2.4.4-2 Severity: normal Hi, mod_authn_core is not enabled by default. This module makes common directives like AuthType work. Also, other authn_* types are enabled by default. Cheers, Thijs -- Package-specific info: Enabled MPM: event List of enabled modules: mpm_event (enabled by maintainer script) authz_core (enabled by maintainer script) authz_host (enabled by maintainer script) auth_basic (enabled by maintainer script) access_compat (enabled by maintainer script) authn_file (enabled by maintainer script) authz_user (enabled by maintainer script) alias (enabled by maintainer script) dir (enabled by maintainer script) autoindex (enabled by maintainer script) env (enabled by maintainer script) mime (enabled by maintainer script) negotiation (enabled by maintainer script) setenvif (enabled by maintainer script) filter (enabled by maintainer script) deflate (enabled by maintainer script) status (enabled by maintainer script) socache_shmcb (enabled by site administrator) ssl (enabled by site administrator) auth_mellon (enabled by site administrator) authz_groupfile (enabled by unknown) reqtimeout (enabled by unknown) auth_cas (enabled by maintainer script) authn_core (enabled by site administrator) List of enabled configurations: charset.conf (enabled by maintainer script) localized-error-pages.conf (enabled by maintainer script) other-vhosts-access-log.conf (enabled by maintainer script) security.conf (enabled by maintainer script) serve-cgi-bin.conf (enabled by maintainer script) -- System Information: Debian Release: 7.0 APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-4-amd64 (SMP w/1 CPU core) Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Shell: /bin/sh linked to /bin/dash Versions of packages apache2 depends on: ii apache2-bin 2.4.4-2 ii apache2-data 2.4.4-2 ii lsb-base 4.1+Debian9 ii mime-support 3.52-2 ii perl 5.14.2-20 ii procps1:3.3.4-2 Versions of packages apache2 recommends: ii ssl-cert 1.0.32 Versions of packages apache2 suggests: pn apache2-doc none pn apache2-suexec-pristine | apache2-suexec-custom none ii apache2-utils2.2.22-13 pn www-browser none Versions of packages apache2-bin depends on: ii libapr1 1.4.6-3 ii libaprutil1 1.4.1-3 ii libaprutil1-dbd-sqlite3 1.4.1-3 ii libaprutil1-ldap 1.4.1-3 ii libc62.17-0experimental2 ii libldap-2.4-22.4.31-1 ii liblua5.1-0 5.1.5-4 ii libpcre3 1:8.31-2 ii libssl1.0.0 1.0.1e-1 ii libxml2 2.8.0+dfsg1-7+nmu1 ii perl 5.14.2-20 ii zlib1g 1:1.2.7.dfsg-13 Versions of packages apache2-bin suggests: pn apache2-doc none pn apache2-suexec-pristine | apache2-suexec-custom none pn www-browser none Versions of packages apache2 is related to: ii apache2 2.4.4-2 ii apache2-bin 2.4.4-2 -- Configuration Files: /etc/apache2/ports.conf changed [not included] /etc/apache2/sites-available/000-default.conf [Errno 2] No such file or directory: u'/etc/apache2/sites-available/000-default.conf' /etc/apache2/sites-available/default-ssl.conf [Errno 2] No such file or directory: u'/etc/apache2/sites-available/default-ssl.conf' -- no debconf information -- To UNSUBSCRIBE, email to debian-apache-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20130312093738.10143.23635.report...@flowsel.uvt.nl
Re: [php-maint] Bug#666820: Bug#666820: php5: sourceful transition towards Apache 2.4
as you may have noticed, we would like to upload to unstable soon as the time runs out. However, the release team didn't ACK the upload yet and I didn't hear anything coming up regarding that. Therefore I ask, could you please consider an upload to Experimental with an Apache2 2.4 aware PHP package? I've already looked into this but ran into some issues with my build environment so didn't pursue it further. I hope I'll have some time soon to check it out further. That would allow us to file transition bugs on (some/most) web applications as a start. An alternative would be to run current PHP with (fast)cgi. Cheers, Thijs -- To UNSUBSCRIBE, email to debian-apache-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/25f04d153d4a61d28a13913925ffa7c8.squir...@wm.kinkhorst.nl
Bug#497362: /etc/apache2/conf.d/security: ServerTokens config file documentation wrong
Package: apache2.2-common Version: 2.2.9-7 Severity: minor File: /etc/apache2/conf.d/security Hi, The file mentioned above has: # ServerTokens # This directive configures what you return as the Server HTTP response # Header. The default is 'Full' which sends information about the OS-Type # and compiled in modules. # Set to one of: Full | OS | Minor | Minimal | Major | Prod # where Full conveys the most information, and Prod the least. The ordering not correct, Minimal and Minor should be switched. OS gives: Apache/2.2.3 (Debian) Minor gives: Apache/2.2 Minimal gives: Apache/2.2.3 Major gives: Apache/2 so it should read: # Set to one of: Full | OS | Minimal | Minor | Major | Prod cheers, Thijs -- Package-specific info: List of enabled modules from 'apache2 -M': alias auth_basic authn_file authz_default authz_groupfile authz_host authz_user autoindex cgi deflate dir env mime negotiation php5 setenvif status -- System Information: Debian Release: lenny/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Kernel: Linux 2.6.26-1-686 (SMP w/1 CPU core) Locale: LANG=nl_NL.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages apache2.2-common depends on: ii apache2-utils 2.2.9-7 utility programs for webservers ii libapr11.2.12-4 The Apache Portable Runtime Librar ii libaprutil11.2.12+dfsg-8 The Apache Portable Runtime Utilit ii libc6 2.7-13GNU C Library: Shared libraries ii libmagic1 4.25-1File type determination library us ii libssl0.9.80.9.8g-13 SSL shared libraries ii lsb-base 3.2-20Linux Standard Base 3.2 init scrip ii mime-support 3.44-1MIME files 'mime.types' 'mailcap ii net-tools 1.60-19 The NET-3 networking toolkit ii perl 5.10.0-13 Larry Wall's Practical Extraction ii procps 1:3.2.7-9 /proc file system utilities ii zlib1g 1:1.2.3.3.dfsg-12 compression library - runtime Versions of packages apache2.2-common recommends: ii ssl-cert 1.0.22 simple debconf wrapper for OpenSSL Versions of packages apache2.2-common suggests: pn apache2-doc none (no description available) pn apache2-suexec | apache2-suex none (no description available) ii w3m [www-browser] 0.5.2-2+b1 WWW browsable pager with excellent Versions of packages apache2.2-common is related to: pn apache2-mpm-event none (no description available) pn apache2-mpm-itk none (no description available) ii apache2-mpm-prefork 2.2.9-7Apache HTTP Server - traditional n pn apache2-mpm-workernone (no description available) -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#489153: can we skip the restart apache2 to activate modules messages?
Package: apache2 Version: 2.2.9-2 Severity: minor A new install of apache2 gives many of these messages: Instellen van apache2.2-common (2.2.9-2) ... Enabling module alias. Run '/etc/init.d/apache2 restart' to activate new configuration! Enabling module autoindex. Run '/etc/init.d/apache2 restart' to activate new configuration! Enabling module dir. Run '/etc/init.d/apache2 restart' to activate new configuration! Enabling module env. Run '/etc/init.d/apache2 restart' to activate new configuration! Enabling module mime. Run '/etc/init.d/apache2 restart' to activate new configuration! Enabling module negotiation. Run '/etc/init.d/apache2 restart' to activate new configuration! Enabling module setenvif. Run '/etc/init.d/apache2 restart' to activate new configuration! Enabling module status. Run '/etc/init.d/apache2 restart' to activate new configuration! Enabling module auth_basic. Run '/etc/init.d/apache2 restart' to activate new configuration! Enabling module deflate. Run '/etc/init.d/apache2 restart' to activate new configuration! Enabling module authz_default. Run '/etc/init.d/apache2 restart' to activate new configuration! Enabling module authz_user. Run '/etc/init.d/apache2 restart' to activate new configuration! Enabling module authz_groupfile. Run '/etc/init.d/apache2 restart' to activate new configuration! Enabling module authn_file. Run '/etc/init.d/apache2 restart' to activate new configuration! Enabling module authz_host. Run '/etc/init.d/apache2 restart' to activate new configuration! Instellen van apache2-mpm-worker (2.2.9-2) ... Starting web server: apache2. They are noisy and not really relevant to this process since dpkg will make sure to (re)start apache2. Maybe the script that enables the modules can get a --dpkg or -q mode that only outputs errors. thanks, Thijs -- Package-specific info: List of enabled modules from 'apache2 -M': alias auth_basic authn_file authz_default authz_groupfile authz_host authz_user autoindex cgid deflate dir env mime negotiation setenvif status -- System Information: Debian Release: lenny/sid APT prefers testing APT policy: (500, 'testing') Architecture: powerpc (ppc) Kernel: Linux 2.6.24-1-powerpc Locale: LANG=nl_NL.UTF-8, LC_CTYPE=nl_NL.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages apache2 depends on: ii apache2-mpm-worker2.2.9-2Apache HTTP Server - high speed th apache2 recommends no packages. -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#402567: apache2: BRF files support
Hi Samuel, For this, AddCharset BRF .brf should be added to apache2.conf. Could this be done for everybody in the debian-shipped file? Note: it would be great to see this in Etch, because else we would have to wait quite a long time until the release of Lenny and seeing webmasters using it... If this is the goal and this is a good idea, it should be implemented upstream. I see that you've reported an upstream report about it, I think it's best to await what upstream's response about this is. Thijs signature.asc Description: This is a digitally signed message part
Bug#402567: apache2: BRF files support
On Sat, 2007-01-13 at 19:07 +0100, Samuel Thibault wrote: Hi, Thijs Kinkhorst, le Sat 13 Jan 2007 18:48:16 +0100, a écrit : Note: it would be great to see this in Etch, because else we would have to wait quite a long time until the release of Lenny and seeing webmasters using it... If this is the goal and this is a good idea, it should be implemented upstream. I see that you've reported an upstream report about it, I think it's best to await what upstream's response about this is. The problem is that upstream seems to consider that such issue should rather be handled by distributions, or even administrators. Upstream does not talk about distributions. I subscribe to their argument that if there's no predefined listings for any mime type, adding one for .brf would require very convincing arguments why it's different. The latter possibility would be unfortunate, as I explained in the apache bts: « Why I'm asking this to be the default for brf files is that people who run websites which propose .brf files will probably _not_ be skilled enough for knowing that to let visitors read them very easily, they should add the mime.types entry and the charset entry (remember that their area is accessibility, not computer administration). » This would go for any specialistic file type to be added. And building an accessible website requires technical skills aswell... Thijs signature.asc Description: This is a digitally signed message part
Bug#356285: apache2-utils: add note to manpage that htpasswd is not safe for setuid/sudo
forwarded 356285 http://issues.apache.org/bugzilla/show_bug.cgi?id=40950 tags 356285 patch thanks Hi, This note from the htpasswd source: NOTE! This program is not safe as a setuid executable! Do not make it setuid! should also be in the man page. This sounds sensible, also outside of Debian. I've forwarded your request with a patch to upstream. I'm attaching the patch here aswell. Thijs Index: docs/manual/programs/htpasswd.xml === --- docs/manual/programs/htpasswd.xml (revision 473940) +++ docs/manual/programs/htpasswd.xml (working copy) @@ -188,6 +188,9 @@ emnot/em be within the Web server's URI space -- that is, they should not be fetchable with a browser./p +pThis program is not safe as a setuid executable. Do emnot/em make it +setuid./p + pThe use of the code-b/code option is discouraged, since when it is used the unencrypted password appears on the command line./p /section Index: docs/manual/programs/htdigest.xml === --- docs/manual/programs/htdigest.xml (revision 473940) +++ docs/manual/programs/htdigest.xml (working copy) @@ -66,4 +66,9 @@ /dl /section +section id=securitytitleSecurity Considerations/title +pThis program is not safe as a setuid executable. Do emnot/em make it +setuid./p +/section + /manualpage signature.asc Description: This is a digitally signed message part
Bug#260063: apache2: suggestion to add new file - conf.d/security.conf
Hi, Perhaps there could be a separate configuration file that woould control the default security setings. I'm not sure if conf.d/ is meant solely for user settings, but it could be one possibility to include: conf.d/security.conf For a start, it could include statement: Files ~ \.htpasswd Order allow,deny Deny from all /Files This is already present in apache2.conf. And I don't see what specific advantage there would be to move it to a separate file. The current apache2.conf is far from unhandlable. Other settings that user could enable could be added in comments, like: #Directory / ## DENY by default. Later, Explicitly allow access to directories. #Order Deny,Allow #Deny from all #/Directory This is a separate bug already. I'm not convinced that a separate file is necessary at all. Can you elaborate on its advantages? Thijs signature.asc Description: This is a digitally signed message part
Bug#235653: Status of Bug 235653?
Hi, At this point I am giving up on trying to use TLS with mod_auth_ldap until Apache 2.1 is released and packaged for Debian. Thanks for your help. Well, it is now. Do you perhaps want to continue on this quest? Thijs signature.asc Description: This is a digitally signed message part
Bug#337325: mod_proxy: encodes URLs in error messages wrongly
forwarded 337325 http://issues.apache.org/bugzilla/show_bug.cgi?id=40952 tags 337325 patch thanks Hi, The URL inside the href=... shouldn't be URL-encoded, it should be HTML encoded. Yes indeed. I've forwarded this to upstream with a patch, which I'm attaching here aswell. Thanks for reporting! Thijs Index: modules/proxy/proxy_util.c === --- modules/proxy/proxy_util.c (revision 473940) +++ modules/proxy/proxy_util.c (working copy) @@ -497,7 +497,7 @@ apr_table_setn(r-notes, error-notes, apr_pstrcat(r-pool, The proxy server could not handle the request -ema href=\, ap_escape_uri(r-pool, r-uri), +ema href=\, ap_escape_html(r-pool, r-uri), \, ap_escape_html(r-pool, r-method), nbsp;, ap_escape_html(r-pool, r-uri), /a/em.p\n signature.asc Description: This is a digitally signed message part
Bug#388443: apache2: MUST NOT send data in an 304 reply
severity 388443 wishlist forwarded 388443 http://issues.apache.org/bugzilla/show_bug.cgi?id=40953 thanks Hi, Christoph Biedl wrote: | ?php | header('HTTP/1.0 304 Not Modified'); | ? While I can see the argument that apache should perhaps be trimming its See the RfC. It is not apache should perhaps, it is apache must. I disagree with your interpretation of the RFC here. I think it's apache should and the script must in this case. When Apache runs a CGI or PHP script, it essentially passes off the responsibility of RFC-compliant output on to the script in question. There's many other incompliant things, like misspelled headers, a script can send, but Apache doesn' stop it from doing that. It's ultimately the script's responsibility. It could, of course. But that's wishlist. I've filed such a request for enhancement upstream. Thijs signature.asc Description: This is a digitally signed message part
Bug#385588: apache2-mpm-worker *** glibc detected *** double free or corruption
Hello Ruben, * Ruben Puettmann | *** glibc detected *** double free or corruption (!prev): 0x083af378 *** | [Fri Sep 01 13:54:19 2006] [notice] child pid 20732 exit signal Aborted (6) | *** glibc detected *** double free or corruption (!prev): 0x084355d0 *** | [Fri Sep 01 13:54:23 2006] [notice] child pid 23834 exit signal Aborted (6) This information is useless if you can't get us a backtrace. Please try to do so. Do you have any update on this? Also, does it still occur with the latest 2.2.3 version as available in testing/unstable? Thanks, Thijs signature.asc Description: This is a digitally signed message part
Bug#286879: apache2 not starting
tags 286879 moreinfo unreproducible Hi, If you're doing a 'apt-get update' 'apt-get upgrade' you 'll be able to get the following error while installing/upgrading: The upgrade-process will hang until you're terminating it manually - at package apache2-mpm-prefork. Even while manually starting the server you won't be able to get it working or stuff. I cannot reproduce this at all. Do you still experience this with recent versions of Apache? Please let us know. Thanks, Thijs signature.asc Description: This is a digitally signed message part
Bug#175351: apache2-common: The problem persists with 2.0.52-1
Hello Julian, The problem persists with 2.0.52-1. The URIs mentioned above are still current. Thank you for your help in testing this problem. I'm working through the (rather long) list of Apache2 bugs. Could you try it again one more time with current Apache 2.2.3 ? That would really help. Thanks, Thijs signature.asc Description: This is a digitally signed message part
Bug#255588: Semantically incorrect file extensions for charsets
Hi Josip, I think this bug is fixed in unstable, because now the default apache2.conf says: I agree that it is fixed, is there any reason to keep this bug open? Thijs signature.asc Description: This is a digitally signed message part
Bug#395959: Mysql DBD Driver not included in libaprutils
reassign 395959 apr-util thanks Hum ... this problem is due to the exclusion of the mysql DBD driver (http://apache.webthing.com/svn/apache/apr/apr_dbd_mysql.c) from the aprutil library because of licensing issue. (Cf INSTALL.MySQL in the source package ...) Maybe this bug should be forwarded to the libapr team ... Sure, doing so now. Thijs signature.asc Description: This is a digitally signed message part
Bug#388443: apache2: MUST NOT send data in an 304 reply
On Sun, 2006-11-12 at 15:26 +, [EMAIL PROTECTED] wrote: I disagree with your interpretation of the RFC here. I think it's apache should and the script must in this case. When Apache runs a CGI or PHP script, it essentially passes off the responsibility of RFC-compliant output on to the script in question. This is _not_ a question about the format of the output but about the transport protocol and hence the responsibility of the server. Well, we clearly disagree on this issue. As I said I've forwarded it to upstream, let's see what they think about it. Thijs signature.asc Description: This is a digitally signed message part
Bug#296590: apache2: cgi SCRIPT_PATH broken
tags 296590 moreinfo thanks Hello Filip, package: apache2 severity: important When a request to a cgi script contains double slashes in the trailing URI component after the script name, the cgi environment variable is not set correctly. Tried on a (woody) apache 1.3 installation too, it works fine there. Thank you for your report; however it completely misses any version information. To what version of the apache2 package does it apply? Or more importantly, does it apply to the current version in sid, 2.2.3 ? Thanks, Thijs signature.asc Description: This is a digitally signed message part
Bug#391290: apache should automatically detect extra periods/commas at the end of URLs and fix
Hi, As Roberto mentions, it would be useful for Apache admins if there were a default rewrite.conf in mods-available/ with such a rewrite rule, and a comment: # This rule automatically removes all trailing periods and commas from requested URLs. This is useful in cases where someone tells someone else about a website in the middle of a sentence and then puts a period or comma right after the URL. Some inexperienced users think the period or comma is part of the URL and type it into their web browsers. mod_speling serves this purpose exactly. It is easily enabled by the admin. I see no use in implementing this separately when something like mod_speling already exists. I propose to close the bug. Thijs signature.asc Description: This is a digitally signed message part