You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2011/09/30 20:06:42 UTC
DO NOT REPLY [Bug 51930] New: Apache is translating "//../" to "/"
https://issues.apache.org/bugzilla/show_bug.cgi?id=51930
Bug #: 51930
Summary: Apache is translating "//../" to "/"
Product: Apache httpd-2
Version: 2.0.63
Platform: HP
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: mod_rewrite
AssignedTo: bugs@httpd.apache.org
ReportedBy: chadi.bousleiman@jinnysoftware.com
Classification: Unclassified
Hello
Once Apache is receiving a post similar to the below
192.168.49.85 - - [01/Oct/2011:00:04:35 +0300] "POST //../ HTTP/1.1" 403 283
"-" "curl/7.15.5 (x86_64-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b
zlib/1.2.3 libidn/0.6.5"
the "//../" is changed to "/" as if it is translating //../ and changing the
// to /
hence this is causing some problems in denying such requests or in redirecting
"POST //../ HTTP/1.1" since we only need the "POST /"
rewrite rules in httpd.conf
RewriteCond %{REQUEST_METHOD} POST
#RewriteCond %{QUERY_STRING} ^/$
RewriteRule ^//../$ http://hotmail.com [P,L]
RewriteRule ^/$ http://google.com [P,L]
access_log
192.168.49.85 - - [01/Oct/2011:00:04:35 +0300] "POST //../ HTTP/1.1" 403 283
"-" "curl/7.15.5 (x86_64-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b
zlib/1.2.3 libidn/0.6.5"
rewrite_log
192.168.49.85 - - [01/Oct/2011:00:04:35 +0300]
[mms.celcom.net.my/sid#8e84e88][rid#8f48448/initial] (3) applying pattern
'^//../$' to uri '/'
192.168.49.85 - - [01/Oct/2011:00:04:35 +0300]
[mms.celcom.net.my/sid#8e84e88][rid#8f48448/initial] (3) applying pattern '^/$'
to uri '/'
Please advice on the above case. is there anyway to keep the POST as it appear
in the access_log while applying the RewriteCond
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 51930] Apache is translating "//../" to "/"
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=51930
William A. Rowe Jr. <wr...@apache.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |INVALID
--- Comment #1 from William A. Rowe Jr. <wr...@apache.org> 2011-09-30 18:09:49 UTC ---
The behavior is correct.
You might want use RewriteCond to evaluate THE_REQUEST but be aware you are
going to be comparing to "METHOD //../... HTTP/1.1" where METHOD is HEAD, GET,
etc...
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org