Posted to bugs@httpd.apache.org by bu...@apache.org on 2009/04/02 09:02:28 UTC

DO NOT REPLY [Bug 46954] New: Rewrite rule exposes script path

https://issues.apache.org/bugzilla/show_bug.cgi?id=46954

           Summary: Rewrite rule exposes script path
           Product: Apache httpd-2
           Version: 2.0.63
          Platform: PC
        OS/Version: Windows Server 2003
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_rewrite
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: mariusads@helpedia.com


Apache 2.0.63, Windows 2003 Web

I'm not sure if this is actually a bug or if I've written a bad rewrite rule
but if it happened to me it may happen to others.

I was trying to write a rule that would catch all URLs that don't end with "/"
because I had a lot of bots searching for various words like "dba", "admin",
"dev", "datenbank", "database" and so on, and I also have search engines using
"site.com/gameboy" instead of "site.com/gameboy/" and failing.

So here's the rule that I came up with:

RewriteRule ^([a-zA-Z0-9]+)$ $1/ [QSA,L,R]

Instead of redirecting www.site.com/word to www.site.com/word/ it actually
redirects users to www.site.com/DriveLetter/path/to/website/word/, which
obviously gives a 403, but the harm is already done.

Adding a / in front of $1 solved the problem.

I will actually replace the rule with something like

RewriteRule ^([a-zA-Z0-9]+)$ verify.php?$1 [QSA,L]

so that I catch those IPs that try various keywords and add them to the
firewall after several attempts.

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
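
The behaviour reported above comes from per-directory context: mod_rewrite resolves a relative substitution against the directory's filesystem path, and with [R] and no RewriteBase that path ends up in the redirect. The following is an added example, not part of the bug report or of Apache httpd: a heuristic lint that flags such rules in an .htaccess file. The function name and the sample file are constructed for illustration.

```python
import re

# RewriteRule <pattern> <substitution> [flags]
RULE_RE = re.compile(r"^RewriteRule\s+(\S+)\s+(\S+)(?:\s+\[([^\]]*)\])?\s*$", re.I)
BASE_RE = re.compile(r"^RewriteBase\s+\S+", re.I)
# Targets that are not resolved against the directory: /path, scheme://host, "-"
ABSOLUTE_RE = re.compile(r"^(?:/|[a-z][a-z0-9+.-]*://|-$)", re.I)


def find_path_leaking_redirects(config_text):
    """Return (line_number, line) for each external redirect whose target is
    relative, in a per-directory file that sets no RewriteBase."""
    lines = [raw.strip() for raw in config_text.splitlines()]
    # RewriteBase applies to the whole directory, wherever it appears in the file.
    if any(BASE_RE.match(line) for line in lines):
        return []
    findings = []
    for lineno, line in enumerate(lines, 1):
        m = RULE_RE.match(line)  # comment lines and other directives do not match
        if not m:
            continue
        substitution, flags = m.group(2), m.group(3) or ""
        names = {f.strip().split("=")[0].upper() for f in flags.split(",") if f.strip()}
        is_redirect = bool(names & {"R", "REDIRECT"})
        if is_redirect and not ABSOLUTE_RE.match(substitution):
            findings.append((lineno, line))
    return findings


# Constructed sample .htaccess: the reported rule, the fixed rule, and the
# internal (non-redirect) rewrite mentioned at the end of the report.
SAMPLE = """\
RewriteEngine On
RewriteRule ^([a-zA-Z0-9]+)$ $1/ [QSA,L,R]
RewriteRule ^([a-zA-Z0-9]+)$ /$1/ [QSA,L,R]
RewriteRule ^([a-zA-Z0-9]+)$ verify.php?$1 [QSA,L]
"""

if __name__ == "__main__":
    for lineno, line in find_path_leaking_redirects(SAMPLE):
        print(f"line {lineno}: relative redirect target without RewriteBase: {line}")
```

The check is textual, so a substitution that begins with a variable such as %{REQUEST_URI} is also reported and needs a manual look.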


DO NOT REPLY [Bug 46954] Rewrite rule exposes script path

Posted by bu...@apache.org.

--- Comment #1 from mariushm <ma...@helpedia.com>  2009-04-02 00:06:12 PST ---
Also occurs on Apache 1.3.33 on Windows 2003 but again, I'm sorry if I bother
you with something very obvious and stupid - I'm not very good at regular
expressions and rewrite rules.



DO NOT REPLY [Bug 46954] Rewrite rule exposes script path

Posted by bu...@apache.org.

Will Rowe <wr...@apache.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED




--- Comment #2 from Will Rowe <wr...@apache.org>  2009-04-02 11:52:31 PST ---
yup - the question belongs on a user list.  not a bug.  fyi see RewriteLog to
help you work out such questions yourself ;-)



DO NOT REPLY [Bug 46954] Rewrite rule exposes script path

Posted by bu...@apache.org.

Will Rowe <wr...@apache.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|FIXED                       |INVALID



