You are viewing a plain text version of this content. The canonical link for it is here.
Posted to apache-bugdb@apache.org by Jay Soffian <ja...@cimedia.com> on 1998/05/21 07:18:38 UTC

general/2260: Apache logs errors on subreqs that it shouldn't.

>Number:         2260
>Category:       general
>Synopsis:       Apache logs errors on subreqs that it shouldn't.
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    apache
>State:          open
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Wed May 20 22:20:01 PDT 1998
>Last-Modified:
>Originator:     jay@cimedia.com
>Organization:
apache
>Release:        1.2.6, 1.3b5
>Environment:
SunOS web22 5.5.1 Generic_103640-19 sun4u sparc SUNW,Ultra-2
(any environment should be affected)
>Description:
When calling a CGI with path_info, apache generates a subreq for the
path_info. If access to the path_info is restricted, an error is ouput
to the error log. I doesn't seem like this is proper behavior. I used
mod_rewrite in assisting in diagnosing the problem.

Here is the request:

GET /cgi-bin/print-env/foo=bar

This shows up in the error log under 1.2.6:
[Thu May 21 01:09:46 1998] access to /home/httpd/htdocs/foo=bar failed for voyager.cimedia.com, reason: Client denied by server configuration

Same error under 1.3b5:

[Thu May 21 01:17:14 1998] [error] Client denied by server configuration: /home/httpd/htdocs/foo=bar

Using mod_rewrite, I saw that the single GET generates two requests, the
primary request from the GET string, then a subreq for /foo=bar. Since
the document root has restricted access, and error is output. The
restricted document root is because this server handles CGI requests
only.
>How-To-Repeat:
Setup a configuration like so:

DocumentRoot /home/httpd/htdocs
<Directory />
order deny,allow
deny from all
</Directory>
ScriptAlias /cgi-bin/ /home/httpd/cgi-bin/
<Directory            /home/httpd/cgi-bin>
AllowOverride None
Options None
order allow,deny
allow from all
</Directory>

Then just place a script in the cgi-bin and call it with path_info and
see what shows up in the error log.
>Fix:
Check to see if an error is on a subreq and don't log it if it is. Hmm,
that would probably affect loging of mod_include errors. Perhaps subreqs
that shouldn't generate messages in the error log can have a 'don't log on
error' flag attached?
>Audit-Trail:
>Unformatted:
[In order for any reply to be added to the PR database, ]
[you need to include <ap...@Apache.Org> in the Cc line ]
[and leave the subject line UNCHANGED.  This is not done]
[automatically because of the potential for mail loops. ]