You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Adrian Grajdeanu <ad...@cox.net> on 2002/07/21 04:14:41 UTC
Case insensitive issues
I've been trying to wrap my mind around case insensitive stuff...
And I got stuck on Alias
For example:
Alias /Foo c:/Folder/Foo
allows access to
c:/Folder/Foo/a.html
via
/Foo/a.html
On a case insensitive plaform, one can access the same thing via
/Foo/A.html
but not via
/foo/a.html
So I went into the code of mod-alias and added an optional flag field of the
style [NC] for
Alias, ScriptAlias, AliasMatch, ScriptAliasMatch, Redirect, RedirectMatch,
RedirectTemp and RedirectPermanent.
What do the bright minds of this list think of the issue?
Thanx
Adrian
PS. Just now been thinking that Location may need (or maybe not) similar
changes.
Re: Case insensitive issues
Posted by "johannes m. richter" <jo...@gmx.net>.
>mod_rewrite does solve the problem of case insensitve need. However it is
>not what I like. It modifies the request in such a way that it is visible to
>the client.
Wrong. It rewrites the requests internally (except if you wish to make a
redirect)
nice evening :)
johannes
--
If at first you don't succeed, try following the instructions.
- http://jgcl.at/ - new photos from summer camp 2002 in Moosen/Tirol
Re: Case insensitive issues
Posted by Adrian Grajdeanu <ad...@cox.net>.
Applogise for the prior message going to the list... I ment to send it
private... Darn!
Re: Case insensitive issues
Posted by Adrian Grajdeanu <ad...@cox.net>.
> > RewriteRule /Bob(.*) /Bob$1 [NC]
> But your RewriteRule makes no sense. You are simply rewriting
> one URL back onto exactly the same URL. The change in the
But I thought it does. The comparison is NC, so the rewrite forces the exact
up/locase combination.
> > In my filesystem I have the e:/Html/Bob/index.html file
> >
> > To the request:
> > http://hera/BoB
> > The browser reports:
> > Bad request!
> > Your browser (or proxy) sent a request that this server could not
> > understand.
> > If you think this is a server error, please contact the webmaster
> > Error 400
>
> The 400 error does seem to be a bug someplace. (Don't ask me where.)
So I was right in understanding that [PT] int the rewrite rule isn't
necessary...
Let's see if I can dig in and find the problem...
Thanx
Re: Case insensitive issues
Posted by Joshua Slive <jo...@slive.ca>.
On Sun, 21 Jul 2002, Adrian Grajdeanu wrote:
> I'm writing off the list because this might be configuration/support issue
> ...
We're on the list, so I might as well respond here.
> RewriteRule /Bob(.*) /Bob$1 [NC]
> In my filesystem I have the e:/Html/Bob/index.html file
>
> To the request:
> http://hera/BoB
> The browser reports:
> Bad request!
> Your browser (or proxy) sent a request that this server could not
> understand.
> If you think this is a server error, please contact the webmaster
> Error 400
The 400 error does seem to be a bug someplace. (Don't ask me where.)
But your RewriteRule makes no sense. You are simply rewriting
one URL back onto exactly the same URL. The change in the
browsers location bar in the second case comes about because
mod_dir performs a trailing-slash redirect, which is necessary
to assure that relative URLs are resolved correctly.
If you care to address the 400 error issue, that is probably on topic
here. But the other problems with your rewriterule should probably be
taken up on users@httpd.apache.org.
Joshua.
Re: Case insensitive issues
Posted by Adrian Grajdeanu <ad...@cox.net>.
> Take another look at mod_rewrite. This should do exactly what you want
> RewriteRule /Foo(.*) c:/Folder/Foo$1 [NC]
> (although I haven't used mod_rewrite much on win32, so I'm not
> sure about the path syntax.
I'm writing off the list because this might be configuration/support issue
...
Here is what I tried:
at the top level in configuration I have (fragments):
DocumentRoot "e:/Html/Content"
RewriteEngine On
RewriteLog e:\Html\Logs\rewrite.log
RewriteLogLevel 9
RewriteRule /Bob(.*) /Bob$1 [NC]
<Directory "e:/Html/Content/Bob">
Order allow,deny
Allow from all
DirectoryIndex index.html
</Directory>
In my filesystem I have the e:/Html/Bob/index.html file
To the request:
http://hera/BoB
The browser reports:
Bad request!
Your browser (or proxy) sent a request that this server could not
understand.
If you think this is a server error, please contact the webmaster
Error 400
hera
07/21/02 15:32:16
The rewrite log file shows (fragments):
192.168.2.6 - - [21/Jul/2002:15:26:59 --0400]
[hera/sid#2fb658][rid#55f700/initial] (2) init rewrite engine with requested
uri /BoB
192.168.2.6 - - [21/Jul/2002:15:26:59 --0400]
[hera/sid#2fb658][rid#55f700/initial] (3) applying pattern '/Bob(.*)' to uri
'/BoB'
192.168.2.6 - - [21/Jul/2002:15:26:59 --0400]
[hera/sid#2fb658][rid#55f700/initial] (2) rewrite /BoB -> /Bob
192.168.2.6 - - [21/Jul/2002:15:26:59 --0400]
[hera/sid#2fb658][rid#55f700/initial] (2) local path result: /Bob
192.168.2.6 - - [21/Jul/2002:15:26:59 --0400]
[hera/sid#2fb658][rid#560958/initial/redir#1] (2) init rewrite engine with
requested uri /error/HTTP_BAD_REQUEST.html.var
192.168.2.6 - - [21/Jul/2002:15:26:59 --0400]
[hera/sid#2fb658][rid#560958/initial/redir#1] (3) applying pattern
'/Bob(.*)' to uri '/error/HTTP_BAD_REQUEST.html.var'
192.168.2.6 - - [21/Jul/2002:15:26:59 --0400]
[hera/sid#2fb658][rid#560958/initial/redir#1] (1) pass through
/error/HTTP_BAD_REQUEST.html.var
192.168.2.6 - - [21/Jul/2002:15:26:59 --0400]
[hera/sid#2fb658][rid#567720/subreq] (2) init rewrite engine with requested
uri /error/include/top.html
192.168.2.6 - - [21/Jul/2002:15:26:59 --0400]
[hera/sid#2fb658][rid#567720/subreq] (3) applying pattern '/Bob(.*)' to uri
'/error/include/top.html'
192.168.2.6 - - [21/Jul/2002:15:26:59 --0400]
[hera/sid#2fb658][rid#567720/subreq] (1) pass through
/error/include/top.html
192.168.2.6 - - [21/Jul/2002:15:26:59 --0400]
[hera/sid#2fb658][rid#567720/subreq] (2) init rewrite engine with requested
uri /error/include/bottom.html
192.168.2.6 - - [21/Jul/2002:15:26:59 --0400]
[hera/sid#2fb658][rid#567720/subreq] (3) applying pattern '/Bob(.*)' to uri
'/error/include/bottom.html'
192.168.2.6 - - [21/Jul/2002:15:26:59 --0400]
[hera/sid#2fb658][rid#567720/subreq] (1) pass through
/error/include/bottom.html
192.168.2.6 - - [21/Jul/2002:15:26:59 --0400]
[hera/sid#2fb658][rid#569728/subreq] (2) init rewrite engine with requested
uri /error/contact.html.var
192.168.2.6 - - [21/Jul/2002:15:26:59 --0400]
[hera/sid#2fb658][rid#569728/subreq] (3) applying pattern '/Bob(.*)' to uri
'/error/contact.html.var'
192.168.2.6 - - [21/Jul/2002:15:26:59 --0400]
[hera/sid#2fb658][rid#569728/subreq] (1) pass through
/error/contact.html.var
Now I modified the configuration to say:
RewriteRule /Bob(.*) /Bob$1 [NC,PT]
This time the request:
http://hera/BoB
is serverd successfully, however in the address bar I see:
http://hera/Bob/
so the rewrite made it to the user...
This is the fragment of the rewrite log this time:
192.168.2.6 - - [21/Jul/2002:15:36:49 --0400]
[hera/sid#2fb658][rid#55f700/initial] (2) init rewrite engine with requested
uri /BoB
192.168.2.6 - - [21/Jul/2002:15:36:49 --0400]
[hera/sid#2fb658][rid#55f700/initial] (3) applying pattern '/Bob(.*)' to uri
'/BoB'
192.168.2.6 - - [21/Jul/2002:15:36:49 --0400]
[hera/sid#2fb658][rid#55f700/initial] (2) rewrite /BoB -> /Bob
192.168.2.6 - - [21/Jul/2002:15:36:49 --0400]
[hera/sid#2fb658][rid#55f700/initial] (2) forcing '/Bob' to get passed
through to next API URI-to-filename handler
192.168.2.6 - - [21/Jul/2002:15:36:49 --0400]
[hera/sid#2fb658][rid#55f700/initial] (2) init rewrite engine with requested
uri /Bob/
192.168.2.6 - - [21/Jul/2002:15:36:49 --0400]
[hera/sid#2fb658][rid#55f700/initial] (3) applying pattern '/Bob(.*)' to uri
'/Bob/'
192.168.2.6 - - [21/Jul/2002:15:36:49 --0400]
[hera/sid#2fb658][rid#55f700/initial] (2) rewrite /Bob/ -> /Bob/
192.168.2.6 - - [21/Jul/2002:15:36:49 --0400]
[hera/sid#2fb658][rid#55f700/initial] (2) forcing '/Bob/' to get passed
through to next API URI-to-filename handler
192.168.2.6 - - [21/Jul/2002:15:36:49 --0400]
[hera/sid#2fb658][rid#561708/subreq] (2) init rewrite engine with requested
uri /Bob/index.html
192.168.2.6 - - [21/Jul/2002:15:36:49 --0400]
[hera/sid#2fb658][rid#561708/subreq] (3) applying pattern '/Bob(.*)' to uri
'/Bob/index.html'
192.168.2.6 - - [21/Jul/2002:15:36:49 --0400]
[hera/sid#2fb658][rid#561708/subreq] (2) rewrite /Bob/index.html ->
/Bob/index.html
192.168.2.6 - - [21/Jul/2002:15:36:49 --0400]
[hera/sid#2fb658][rid#561708/subreq] (2) forcing '/Bob/index.html' to get
passed through to next API URI-to-filename handler
So now I don't quite know what is wrong.
1. Is the [PT] necessary? From documentation I didn't understand it to be.
>From your example it didn't seem to be required either. But without it, it
just doesn't work.
2. Using rewrite I get to see the changes at the client, which is not what I
wanted. So what is wrong?
Thanx
Adrian
----- Original Message -----
From: "Joshua Slive" <jo...@slive.ca>
To: <de...@httpd.apache.org>
Sent: 21 July, 2002 14:41
Subject: Re: Case insensitive issues
>
> On Sun, 21 Jul 2002, Adrian Grajdeanu wrote:
>
> > mod_rewrite does solve the problem of case insensitve need. However it
is
> > not what I like. It modifies the request in such a way that it is
visible to
> > the client. Why should the client care or even know the details of the
> > server and its configuration and layout? In trying to avoid such
disclosure
> > I would prefer against mod_rewrite and for mod_alias in this case. Am I
> > mistaken?
>
> Take another look at mod_rewrite. This should do exactly what you want
> RewriteRule /Foo(.*) c:/Folder/Foo$1 [NC]
> (although I haven't used mod_rewrite much on win32, so I'm not
> sure about the path syntax.
>
> In fact, I'm fairly sure that there is nothing that you can do with
> mod_alias that can't also be done with mod_rewrite.
>
> > Especially I am curious about the Location vulnerability that case
> > insensitive filesystems open up, while the Location name can be case
> > sensitive only.
>
> I solve that by telling people NEVER to use <Location> when trying to
> protect something on the filesystem. That is what <Directory> is for.
>
> Joshua.
>
Re: Case insensitive issues
Posted by Joshua Slive <jo...@slive.ca>.
On Sun, 21 Jul 2002, Adrian Grajdeanu wrote:
> mod_rewrite does solve the problem of case insensitve need. However it is
> not what I like. It modifies the request in such a way that it is visible to
> the client. Why should the client care or even know the details of the
> server and its configuration and layout? In trying to avoid such disclosure
> I would prefer against mod_rewrite and for mod_alias in this case. Am I
> mistaken?
Take another look at mod_rewrite. This should do exactly what you want
RewriteRule /Foo(.*) c:/Folder/Foo$1 [NC]
(although I haven't used mod_rewrite much on win32, so I'm not
sure about the path syntax.
In fact, I'm fairly sure that there is nothing that you can do with
mod_alias that can't also be done with mod_rewrite.
> Especially I am curious about the Location vulnerability that case
> insensitive filesystems open up, while the Location name can be case
> sensitive only.
I solve that by telling people NEVER to use <Location> when trying to
protect something on the filesystem. That is what <Directory> is for.
Joshua.
Re: Case insensitive issues
Posted by "William A. Rowe, Jr." <wr...@rowe-clan.net>.
At 01:29 PM 7/21/2002, Adrian Grajdeanu wrote:
>The fact that URLs are case sensitive by definition is a strong argument.
>Unfortunately the reality of case insensitive file systems doesn't fit with
>definitions. I guess people already went on and debated this till the bitter
>end. So instead of adding fuel to the fire, I ask if anybody would give me
>pointers to the past debates so I can better educate myself about the
>arguments.
>
>Especially I am curious about the Location vulnerability that case
>insensitive filesystems open up, while the Location name can be case
>sensitive only.
They don't open vulnerabilities, if used correctly...
Alias /my-dav c:/dav-folder
<location "/my-dav">
Dav On
</location>
Since the location matches the alias, and the location is -granting-
permissions, and not taking them away, you are fine.
Consider if we lock down dav to certain users...
<location "/my-dav">
Dav On
Require valid-user
</location>
Now... the Dav On has the same scope as the Require, so dav is
only turned on when the valid-user is required.
If you want to protect a directory, use the <directory> block. If you
want to be more clever, you need to think it through.
Bill
Re: Case insensitive issues
Posted by Adrian Grajdeanu <ad...@cox.net>.
mod_rewrite does solve the problem of case insensitve need. However it is
not what I like. It modifies the request in such a way that it is visible to
the client. Why should the client care or even know the details of the
server and its configuration and layout? In trying to avoid such disclosure
I would prefer against mod_rewrite and for mod_alias in this case. Am I
mistaken?
The fact that URLs are case sensitive by definition is a strong argument.
Unfortunately the reality of case insensitive file systems doesn't fit with
definitions. I guess people already went on and debated this till the bitter
end. So instead of adding fuel to the fire, I ask if anybody would give me
pointers to the past debates so I can better educate myself about the
arguments.
Especially I am curious about the Location vulnerability that case
insensitive filesystems open up, while the Location name can be case
sensitive only.
Thanx
Adrian
----- Original Message -----
From: "Joshua Slive" <jo...@slive.ca>
To: <de...@httpd.apache.org>
Sent: 21 July, 2002 14:20
Subject: Re: Case insensitive issues
> 1. What you want is already available in RewriteRule/mod_rewrite. The
> directives in mod_alias are for people who want SIMPLE rewriting. The
> directives in mod_rewrite are for people who need complexity.
>
> 2. URLs are case-sensitive by definition, and we shouldn't encourage
> people to think otherwise. Of course, we know many people need
> case-insensitive matching anyway, and mod_rewrite can provide it.
>
> Joshua.
>
Re: Case insensitive issues
Posted by Joshua Slive <jo...@slive.ca>.
On Sat, 20 Jul 2002, Adrian Grajdeanu wrote:
> I've been trying to wrap my mind around case insensitive stuff...
> And I got stuck on Alias
> So I went into the code of mod-alias and added an optional flag field of the
> style [NC] for
> Alias, ScriptAlias, AliasMatch, ScriptAliasMatch, Redirect, RedirectMatch,
> RedirectTemp and RedirectPermanent.
>
> What do the bright minds of this list think of the issue?
Two problems with this:
1. What you want is already available in RewriteRule/mod_rewrite. The
directives in mod_alias are for people who want SIMPLE rewriting. The
directives in mod_rewrite are for people who need complexity.
2. URLs are case-sensitive by definition, and we shouldn't encourage
people to think otherwise. Of course, we know many people need
case-insensitive matching anyway, and mod_rewrite can provide it.
Joshua.