You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Robert Andersson <ro...@profundis.nu> on 2004/08/30 16:25:35 UTC
[users@httpd] RewriteCond - problems with -F and -U switches
I am having problems understanding how the -F and -U "switches" works
in a RewriteCond. My hope is to be able to perform an authorization
step there, but currently I'm just trying to understand them.
It is pretty confusing, so I'll just pick one example where I find
-U (is existing URL via subrequest) behaving strange.
Using these directive in an .htaccess file in the root of a
mod_vhost_alias vhost:
RewriteEngine On
RewriteBase /
RewriteCond "/test-auth.php" -U
RewriteRule .* - [F, NS]
"test-auth.php" do exist in the docroot. I think it might want the
full path, but it doesn't matter now. Rewrite log says to this:
[rid#32cca10/initial] (3) [per-dir /path/to/docroot/] strip per-dir prefix:
/path/to/docroot/test.html -> test.html
[rid#32cca10/initial] (3) [per-dir /path/to/docroot/] applying pattern '.*'
to uri 'test.html'
[rid#32cca10/initial] (5) RewriteCond URI (-U) check: path=/test-auth.php ->
status=200
[rid#32cca10/initial] (4) RewriteCond: input='/test-auth.php' pattern='-U'
=> matched
[rid#32cca10/initial] (2) forcing '/path/to/docroot/test.html' to be
forbidden
Ok, it says it "existed" and had status 200. I change the condition
to a file that do not exist:
RewriteEngine On
RewriteBase /
RewriteCond "/test-auth2.php" -U
RewriteRule .* - [F, NS]
[rid#332a4d0/initial] (3) [per-dir /path/to/docroot/] strip per-dir prefix:
/path/to/docroot/test.html -> test.html
[rid#332a4d0/initial] (3) [per-dir /path/to/docroot/] applying pattern '.*'
to uri 'test.html'
[rid#332a4d0/initial] (5) RewriteCond URI (-U) check:
path=/test-auth2.php -> status=200
[rid#332a4d0/initial] (4) RewriteCond: input='/test-auth2.php' pattern='-U'
=> matched
[rid#332a4d0/initial] (2) forcing '/path/to/docroot/test.html' to be
forbidden
(I fiddled with paths here in order to keep down the length and to
retain some privacy)
The -F switch seems to behave similary, although not identically.
Either these features are entirely broken, or I am completely
misunderstanding what they are supposed to do.
I would have thought an internal subrequest would be performed (as
the code and docs indicates), but that doesn't seem to happen.
Regards,
Robert Andersson
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] RewriteCond - problems with -F and -U switches
Posted by Robert Andersson <ro...@profundis.nu>.
I wrote:
> Either these features are entirely broken, or I am completely
> misunderstanding what they are supposed to do.
As I figured, it's probably the latter. While googling around, I stubbled on
some old bug reports related to this. One had this comment:
"Argh. I figured this out I think. Unfortunately, the '-U' switch
doesn't check for the existance of a document, it just checks to see
if the URL is valid (meaning it passes auth and access checks, is in a
document root or aliased, etc). You have to actually do a
run_sub_req to find out if the document is servable, and that then
serves the document, which is not what we want."
-- http://archive.apache.org/gnats/2931
If that is the case, I'm out of luck :(
Regards,
Robert Andersson
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org