You are viewing a plain text version of this content. The canonical link for it is here.
Posted to apache-bugdb@apache.org by Wolf-Dietrich Moeller <wo...@mchp.siemens.de> on 2001/02/06 18:34:33 UTC

general/7206: and section finds additional wrong match

>Number:         7206
>Category:       general
>Synopsis:       <Files> and <FilesMatch> section finds additional wrong match
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    apache
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Tue Feb 06 09:40:02 PST 2001
>Closed-Date:
>Last-Modified:
>Originator:     wolf-dietrich.moeller@mchp.siemens.de
>Release:        Apache/1.3.17 (Unix)
>Organization:
apache
>Environment:
Apache/1.3.17 (Unix) FrontPage/4.0.4.3 mod_ssl/2.8.0 OpenSSL/0.9.6
running on free bsd
(more information, if necessary, only available after longer enquiry, as I am not the server admin.)
>Description:
Example: Having the following section in the File "/css/.htaccess":
-------------------------------
<Files css>
ErrorDocument 403 /cgi-bin/printenv
deny from all
</Files>
------------------------------
produces matches for file "/css/" (i.e. the empty directory call, match not expected) and "/css/css" (as expected).
Same behaviour occurs for a <FilesMatch "^css$">-section.

Relevant Environment-Variables in the Perl-Script printenv were for file /css/:
REDIRECT_URL = /css/
REQUEST_URI = /css/
REDIRECT_ERROR_NOTES = client denied by server configuration: /usr/local/www/xyz/css
and for file "/css/css":
REDIRECT_URL = /css/css
REQUEST_URI = /css/css
REDIRECT_ERROR_NOTES = client denied by server configuration: /usr/local/www/xyz/css/css

Notice the inconsistency: The REDIRECT_URL reproduces the URL in both cases correctly, but the REDIRECT_ERROR_NOTES-variable misses the trailing "/" in the first case. Might this be a reason or at least a hint for the misbehaviour of the match-rule?

Perhaps this bug was introduced since Apache/1.3.14, as the similar message in our old configuration was 
REDIRECT_ERROR_NOTES = Directory index forbidden by rule: /usr/local/www/xyz/css/
with the trailing "/".
I cannot verify, if the behaviour of 1.3.14 for the match was correct, as our server admin has now introduced the new version 1.3.17.
>How-To-Repeat:
public URL not available (Intranet server)
>Fix:
No - no internal knowledge of Apache
>Release-Note:
>Audit-Trail:
>Unformatted:
 [In order for any reply to be added to the PR database, you need]
 [to include <ap...@Apache.Org> in the Cc line and make sure the]
 [subject line starts with the report component and number, with ]
 [or without any 'Re:' prefixes (such as "general/1098:" or      ]
 ["Re: general/1098:").  If the subject doesn't match this       ]
 [pattern, your message will be misfiled and ignored.  The       ]
 ["apbugs" address is not added to the Cc line of messages from  ]
 [the database automatically because of the potential for mail   ]
 [loops.  If you do not include this Cc, your reply may be ig-   ]
 [nored unless you are responding to an explicit request from a  ]
 [developer.  Reply only with text; DO NOT SEND ATTACHMENTS!     ]