Posted to bugs@httpd.apache.org by bu...@apache.org on 2011/09/30 20:06:42 UTC

DO NOT REPLY [Bug 51930] New: Apache is translating "//../" to "/"

https://issues.apache.org/bugzilla/show_bug.cgi?id=51930

             Bug #: 51930
           Summary: Apache is translating "//../" to "/"
           Product: Apache httpd-2
           Version: 2.0.63
          Platform: HP
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_rewrite
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: chadi.bousleiman@jinnysoftware.com
    Classification: Unclassified


Hello

Once Apache receives a POST similar to the one below:

192.168.49.85 - - [01/Oct/2011:00:04:35 +0300] "POST //../ HTTP/1.1" 403 283
"-" "curl/7.15.5 (x86_64-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b
zlib/1.2.3 libidn/0.6.5"

The "//../" is changed to "/", as if it is translating //../ and changing the
// to /.

Hence this is causing some problems in denying such requests or in redirecting
"POST //../ HTTP/1.1", since we only need the "POST /".

rewrite rules in httpd.conf

RewriteCond  %{REQUEST_METHOD}    POST
#RewriteCond  %{QUERY_STRING}     ^/$
RewriteRule  ^//../$ http://hotmail.com    [P,L]
RewriteRule  ^/$     http://google.com     [P,L]


access_log

192.168.49.85 - - [01/Oct/2011:00:04:35 +0300] "POST //../ HTTP/1.1" 403 283
"-" "curl/7.15.5 (x86_64-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b
zlib/1.2.3 libidn/0.6.5"

rewrite_log 

192.168.49.85 - - [01/Oct/2011:00:04:35 +0300]
[mms.celcom.net.my/sid#8e84e88][rid#8f48448/initial] (3) applying pattern
'^//../$' to uri '/'
192.168.49.85 - - [01/Oct/2011:00:04:35 +0300]
[mms.celcom.net.my/sid#8e84e88][rid#8f48448/initial] (3) applying pattern '^/$'
to uri '/'


Please advise on the above case. Is there any way to keep the POST as it appears
in the access_log while applying the RewriteCond?

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


DO NOT REPLY [Bug 51930] Apache is translating "//../" to "/"

Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=51930

William A. Rowe Jr. <wr...@apache.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |INVALID

--- Comment #1 from William A. Rowe Jr. <wr...@apache.org> 2011-09-30 18:09:49 UTC ---
The behavior is correct.

You might want to use RewriteCond to evaluate THE_REQUEST but be aware you are
going to be comparing to "METHOD //../... HTTP/1.1" where METHOD is HEAD, GET,
etc...

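
An added example (not part of the bug thread and not httpd's own code) modelling what the rewrite_log in the report shows: the RewriteRule pattern is tested against the already-cleaned URI '/', while the raw request line that THE_REQUEST exposes still contains "//../". The normalize_path routine is an approximation written for this illustration, the log line is constructed from the access_log entry in the report with the user agent shortened, and the THE_REQUEST pattern is hypothetical.

```python
import re

# Constructed sample: the access_log entry from the report, user agent shortened.
SAMPLE_LOG = ('192.168.49.85 - - [01/Oct/2011:00:04:35 +0300] '
              '"POST //../ HTTP/1.1" 403 283 "-" "curl/7.15.5"')

REQUEST_LINE = re.compile(r'"([A-Z]+) (\S+) (HTTP/\d\.\d)"')


def normalize_path(path):
    """Illustrative cleanup (assumption, not httpd source): collapse repeated
    slashes, then resolve '.' and '..' without climbing above the root."""
    segments = []
    for seg in re.sub(r'/{2,}', '/', path).split('/')[1:]:
        if seg == '..':
            if segments:
                segments.pop()
        elif seg != '.':
            segments.append(seg)
    return '/' + '/'.join(segments)


def parse_request(log_line):
    """Return (raw request line, raw path) from a combined-format log line."""
    m = REQUEST_LINE.search(log_line)
    if m is None:
        raise ValueError('no request line found')
    method, path, proto = m.groups()
    return f'{method} {path} {proto}', path


def evaluate(log_line, uri_pattern, request_pattern):
    """Compare a pattern tested on the cleaned URI (as the rewrite_log shows
    for RewriteRule) with one tested on the raw request line (THE_REQUEST)."""
    raw_request, raw_path = parse_request(log_line)
    cleaned = normalize_path(raw_path)
    return {
        'raw_path': raw_path,
        'cleaned_uri': cleaned,
        'path_was_rewritten': cleaned != raw_path,  # worth flagging in log review
        'uri_rule_matches': re.search(uri_pattern, cleaned) is not None,
        'request_cond_matches': re.search(request_pattern, raw_request) is not None,
    }


if __name__ == '__main__':
    # '^//../$' is the reporter's rule; the second pattern is a hypothetical
    # THE_REQUEST condition with the dots escaped.
    print(evaluate(SAMPLE_LOG, r'^//../$', r'^POST //\.\./ HTTP/'))
```

The `path_was_rewritten` flag doubles as a log-review check: any entry whose raw path differs from its cleaned form is one where rules written against the URI will not see what the client actually sent.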