DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=7915>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=7915 strange substitutions in requests Summary: strange substitutions in requests Product: Apache httpd-1.3 Version: 1.3.24 Platform: All OS/Version: All Status: NEW Severity: Major Priority: Other Component: Dir Handling AssignedTo: [email protected] ReportedBy: [EMAIL PROTECTED] When requesting a *nonexisting* URL in form http://host/aaa/bbb/ccc the request is changed to aaa.gif if aaa.gif exists in directory Example log entries: access.log 127.0.0.1 - - [10/Apr/2002:12:38:00 +0200] "GET /update/qewrqwr HTTP/1.1" 404 286 error.log [Wed Apr 10 12:38:00 2002] [error] [client 127.0.0.1] File does not exist: c:/www/update.gif/qewrqwr Tested on Win32 and FreeBSD, using both MSIE and Mozilla Note: if there's php page it's runned! (in above example if we have update.php instead of update.gif) I'm afraid it may cause security problems. On the other hand the bug does not depend on php module (I tested it w/o php too) Used httpd.conf (nothin strange, almost standard) ServerType standalone ServerRoot "C:/ApacheGroup/Apache" PidFile logs/httpd.pid ScoreBoardFile logs/apache_runtime_status Timeout 300 KeepAlive On MaxKeepAliveRequests 100 KeepAliveTimeout 60 MaxRequestsPerChild 0 ThreadsPerChild 50 LoadModule info_module modules/mod_info.so LoadModule status_module modules/mod_status.so ExtendedStatus On Port 80 ServerAdmin [EMAIL PROTECTED] ServerName localhost DocumentRoot "C:/www" <Directory /> Options FollowSymLinks AllowOverride None </Directory> <Directory "C:/www"> Options All MultiViews AllowOverride All Order allow,deny Allow from all </Directory> <IfModule mod_userdir.c> UserDir "C:/ApacheGroup/Apache/users/" </IfModule> <IfModule mod_dir.c> DirectoryIndex index.html index.php </IfModule> AccessFileName .htaccess <Files ~ "^\.ht"> Order allow,deny Deny from all </Files> UseCanonicalName On <IfModule mod_mime.c> TypesConfig conf/mime.types </IfModule> DefaultType text/plain <IfModule mod_mime_magic.c> MIMEMagicFile conf/magic </IfModule> HostnameLookups Off ErrorLog logs/error.log LogLevel warn LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined LogFormat "%h %l %u %t \"%r\" %>s %b" common LogFormat "%{Referer}i -> %U" referer LogFormat "%{User-agent}i" agent CustomLog logs/access.log common ServerSignature On <IfModule mod_alias.c> Alias /icons/ "C:/ApacheGroup/Apache/icons/" <Directory "C:/ApacheGroup/Apache/icons"> Options Indexes MultiViews AllowOverride None Order allow,deny Allow from all </Directory> ScriptAlias /cgi-bin/ "C:/ApacheGroup/Apache/cgi-bin/" <Directory "C:/ApacheGroup/Apache/cgi-bin"> AllowOverride None Options None Order allow,deny Allow from all </Directory> </IfModule> <IfModule mod_autoindex.c> IndexOptions FancyIndexing AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip AddIconByType (TXT,/icons/text.gif) text/* [...] </IfModule> <IfModule mod_mime.c> AddEncoding x-compress Z [...] <IfModule mod_negotiation.c> LanguagePriority en da nl et fr de el it ja kr no pl pt pt-br ru ltz ca es sv tw </IfModule> AddType application/x-httpd-php .php4 AddType application/x-httpd-php .php3 AddType application/x-httpd-php .php AddType application/x-tar .tgz AddHandler cgi-script .cgi AddHandler cgi-script .pl </IfModule> <IfModule mod_setenvif.c> BrowserMatch "Mozilla/2" nokeepalive BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0 BrowserMatch "RealPlayer 4\.0" force-response-1.0 BrowserMatch "Java/1\.0" force-response-1.0 BrowserMatch "JDK/1\.0" force-response-1.0 </IfModule> <Location /server-status> SetHandler server-status Order deny,allow Deny from all Allow from localhost </Location> <Location /server-info> SetHandler server-info Order deny,allow Deny from all Allow from localhost </Location>
