You are viewing a plain text version of this content. The canonical link for it is here.

Posted to apache-bugdb@apache.org by Seth Chaiklin <se...@psy.au.dk> on 1998/07/28 11:43:55 UTC

general/2724: a permanent redirect (status code 301) to a non-existent file produces a status code 403 (HTTP_FORBIDDEN) instead of 404 (HTTP_NOT_FOUND)

>Number:         2724
>Category:       general
>Synopsis:       a permanent redirect (status code 301) to a non-existent file produces a  status code 403 (HTTP_FORBIDDEN)  instead of 404 (HTTP_NOT_FOUND)
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    apache
>State:          open
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Tue Jul 28 02:50:00 PDT 1998
>Last-Modified:
>Originator:     seth@psy.au.dk
>Organization:
apache
>Release:        1.3.1
>Environment:
Linux 2.0.33
>Description:
Have a permanent redirect like this (in srm.conf):

Redirect permanent /~bo http://www.psy.aau.dk

Happened that one of the redirects was to a nonexistent file.
Here is an example from the access log file, which shows
that the redirect (301) gives a "forbiddden" error (403), when in reality
it should give a "not-found" (404).

ocelot.eng.pgh.lycos.com - - [28/Jul/1998:00:52:05 +0200] "GET /~bo/staff/stats.
html HTTP/1.0" 301 242
ocelot.eng.pgh.lycos.com - - [28/Jul/1998:00:52:58 +0200] "GET /staff/stats.html
 HTTP/1.0" 403 214  

But according to src/main/http_request.c (lines 153 and 154) (version 1.3.1)

     * Note that we don't reject accesses to nonexistent files (multiviews or
     * the like may cons up a way to run the transaction anyway)...

      
>How-To-Repeat:
Have a permanent redirect to a non-existent file. (I haven't tried with
a temporary redirect...maybe the same problem?)
>Fix:
Didn't completely untangle the code after 10 minutes of trying...but the 
problem is in src/main/http_request.c  I guess the ap_internal_redirect() 
calls process_request_internal() which eventually calls directory_walk()
which calls get_path_info() and THERE is where the mistake actually comes.
I suspect the maintainer of this section of the code will see what needs
to be done.

And while I am at it....perhaps the ap_log_error() on line 251 (version 1.3.1)
in the function get_path_info() should make some indication that the failure 
was because of server configuration (as is done in mod_access) and not simply 
"failed" as it presently does.
>Audit-Trail:
>Unformatted:
[In order for any reply to be added to the PR database, ]
[you need to include <ap...@Apache.Org> in the Cc line ]
[and leave the subject line UNCHANGED.  This is not done]
[automatically because of the potential for mail loops. ]