https://issues.apache.org/bugzilla/show_bug.cgi?id=56005
Bug ID: 56005 Summary: ISAPI redirector WEB-INF/META-INF Path Check false positive (#51769 is back) Product: Tomcat Connectors Version: 1.2.37 Hardware: PC Status: NEW Severity: normal Priority: P2 Component: isapi Assignee: dev@tomcat.apache.org Reporter: ringz...@nym.hush.com All: It looks like the path checking to determin if the ISAPI redirector is serving up something from the WEB-INF or META-INF directories is either broken again, or Ranier's solution from Bug 51769 wasn't committed / carried forward. Personally, I used Chris Schultz's patch on 1.2.32, just upgraded to 1.2.37 and found the problem had returned. Note that this does not necessarily affect mod_jk, I suspect this has more to do with how IIS enumerates path components. Apache sends a relative path to mod_jk on windows which (in my situation) does not include WEB-INF. IIS sends an absolute pathname, which does include WEB-INF in the path to isapi_redirect and isapi_redirect generates a 404 error. For various purposes, I'd like to nominate that a mechanism to disable the default behavior: In handle_notify_event (line 1994) - Add a check before 'if (uri_is_web_inf(uri))' to see if a variable has been set via isapi_redirect.properties that defines whether URI path checking for WEB-INF / META-INF should be done. That way, the server admin can decide whether IIS, Tomcat or the redirector should do path checking (or all three). This will also aid in webapp debugging and backward compatibility. System: Windows Server 2008R2 x64 IIS 7.5 Tomcat 7.0.35 x64 isapi_redirector.dll version 1.2.37 x64 -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org