>Number: 5115 >Category: general >Synopsis: "Forbidden" error for files with string '.cgi' embedded in >filename >Confidential: no >Severity: non-critical >Priority: medium >Responsible: apache >State: open >Class: sw-bug >Submitter-Id: apache >Arrival-Date: Fri Oct 8 06:50:00 PDT 1999 >Last-Modified: >Originator: [EMAIL PROTECTED] >Organization: apache >Release: 1.3.9 >Environment: SunOS bluestem1.cso.uiuc.edu 5.6 Generic_105181-06 sun4u sparc SUNW,Ultra-2 >Description: Apache returns a "Forbidden" error on any file with the string '.cgi' embedded in the filename. For example, files with these names return a Forbidden error: doc.cgi.html, doc.CgI.html, .cgi.html, doc.cgi.txt
However, these file names are served without error: cgi.html, doc-cgi.html. This problem noted on Apache 1.3.9 on Solaris 2.6, Apache 1.3.6 on AIX 4.2, and Apache 1.2.4 on Solaris 2.6. >How-To-Repeat: Create a file with '.cgi' appearing anywhere in the filename (except at the end) and try to access it. >Fix: Renaming the file is a workaround. >Audit-Trail: >Unformatted: [In order for any reply to be added to the PR database, you need] [to include <[EMAIL PROTECTED]> in the Cc line and make sure the] [subject line starts with the report component and number, with ] [or without any 'Re:' prefixes (such as "general/1098:" or ] ["Re: general/1098:"). If the subject doesn't match this ] [pattern, your message will be misfiled and ignored. The ] ["apbugs" address is not added to the Cc line of messages from ] [the database automatically because of the potential for mail ] [loops. If you do not include this Cc, your reply may be ig- ] [nored unless you are responding to an explicit request from a ] [developer. Reply only with text; DO NOT SEND ATTACHMENTS! ]
