Posted to bugs@httpd.apache.org by bu...@apache.org on 2009/04/02 09:02:28 UTC
DO NOT REPLY [Bug 46954] New: Rewrite rule exposes script path
https://issues.apache.org/bugzilla/show_bug.cgi?id=46954
Summary: Rewrite rule exposes script path
Product: Apache httpd-2
Version: 2.0.63
Platform: PC
OS/Version: Windows Server 2003
Status: NEW
Severity: normal
Priority: P2
Component: mod_rewrite
AssignedTo: bugs@httpd.apache.org
ReportedBy: mariusads@helpedia.com
Apache 2.0.63, Windows 2003 Web
I'm not sure if this is actually a bug or if I've written a bad rewrite rule
but if it happened to me it may happen to others.
I was trying to write a rule that would catch all URLs that don't end with "/"
because I had a lot of bots searching for various words like "dba", "admin",
"dev", "datenbank", "database" and so on, and I also have search engines using
"site.com/gameboy" instead of "site.com/gameboy/" and failing:
So here's the rule that I came up with:
RewriteRule ^([a-zA-Z0-9]+)$ $1/ [QSA,L,R]
Instead of redirecting www.site.com/word to www.site.com/word/ it actually
redirects users to www.site.com/DriveLetter/path/to/website/word/ and obviously
giving a 403 but the harm is already done.
Adding a / in front of $1 solved the problem.
I will actually replace the rule with something like
RewriteRule ^([a-zA-Z0-9]+)$ verify.php?$1 [QSA,L]
so that I catch those IPs that try various keywords and add them to the
firewall after several attempts.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
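A check for the pattern in this report, as an added example that is not part of the original thread or of Apache's own code: it scans configuration text for RewriteRule directives that carry the R flag but whose substitution does not start with "/" or a URL scheme, the form that produced the path-revealing redirect described above. The sample configuration and the function names are constructed for illustration; skipping substitutions that begin with a %{...} variable is an assumption of this example.

```python
import re

# Matches "RewriteRule <pattern> <substitution> [flags]"; the flag list is optional.
RULE = re.compile(r'^\s*RewriteRule\s+(\S+)\s+(\S+)(?:\s+\[([^\]]*)\])?\s*$', re.I)

def is_redirect(flags):
    """True when the flag list contains R, R=<status> or the long form 'redirect'."""
    for f in flags.split(','):
        name = f.strip().split('=')[0].lower()
        if name in ('r', 'redirect'):
            return True
    return False

def is_relative(subst):
    """True when the substitution is neither '-', a URL-path nor an absolute URL."""
    if subst == '-' or subst.startswith('/'):
        return False
    if re.match(r'^[a-z][a-z0-9+.-]*:', subst, re.I):  # http://, https://, ...
        return False
    if subst.startswith('%{'):  # assumption: variable targets are not decided statically
        return False
    return True

def find_relative_redirects(config_text):
    """Return (line_number, line) for every redirecting rule with a relative target."""
    hits = []
    for n, line in enumerate(config_text.splitlines(), 1):
        m = RULE.match(line)
        if m and is_redirect(m.group(3) or '') and is_relative(m.group(2)):
            hits.append((n, line.strip()))
    return hits

# Constructed sample: the reporter's rule, the form with the leading "/" added,
# the planned internal rewrite, and a constructed absolute-URL redirect.
SAMPLE = r"""
RewriteEngine On
RewriteRule ^([a-zA-Z0-9]+)$ $1/ [QSA,L,R]
RewriteRule ^([a-zA-Z0-9]+)$ /$1/ [QSA,L,R]
RewriteRule ^([a-zA-Z0-9]+)$ verify.php?$1 [QSA,L]
RewriteRule ^old$ http://www.site.com/new/ [R=301,L]
"""

if __name__ == '__main__':
    for n, rule in find_relative_redirects(SAMPLE):
        print(f"line {n}: relative target in external redirect: {rule}")
```

Only the first rule is reported; the internal rewrite to verify.php is relative too, but without the R flag it never produces a redirect.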
DO NOT REPLY [Bug 46954] Rewrite rule exposes script path
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=46954
--- Comment #1 from mariushm <ma...@helpedia.com> 2009-04-02 00:06:12 PST ---
Also occurs on Apache 1.3.33 on Windows 2003 but again, I'm sorry if I bother
you with something very obvious and stupid - I'm not very good at regular
expressions and rewrite rules.
DO NOT REPLY [Bug 46954] Rewrite rule exposes script path
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=46954
Will Rowe <wr...@apache.org> changed:
      What    |Removed                     |Added
----------------------------------------------------------------------------
        Status|NEW                         |RESOLVED
    Resolution|                            |FIXED
--- Comment #2 from Will Rowe <wr...@apache.org> 2009-04-02 11:52:31 PST ---
yup - the question belongs on a user list. not a bug. fyi see RewriteLog to
help you work out such questions yourself ;-)
DO NOT REPLY [Bug 46954] Rewrite rule exposes script path
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=46954
Will Rowe <wr...@apache.org> changed:
      What    |Removed                     |Added
----------------------------------------------------------------------------
    Resolution|FIXED                       |INVALID