DO NOT REPLY [Bug 46398] New: FilesMatch matches against incorrect basename if directory doesn't exist.

Mon, 15 Dec 2008 07:08:21 -0800 

https://issues.apache.org/bugzilla/show_bug.cgi?id=46398

           Summary: FilesMatch matches against incorrect basename if
                    directory doesn't exist.
           Product: Apache httpd-2
           Version: 2.2.11
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Core
        AssignedTo: [email protected]
        ReportedBy: [email protected]


Example config to reproduce the issue:

  <Directory /usr/local/apache2/htdocs/test>
  Order Deny,Allow
  Deny from all
    <FilesMatch "bar$">  
    Allow from all  
    </FilesMatch>  
  </Directory>

- requesting "/test/blah" returns a forbidden error, which is OK
- requesting "/test/foo.bar" returns the file if it exists, which is OK
- requesting "/test/is/here/foo.bar" returns the file if it exists, which is OK
- requesting "/test/not/here/foo.bar" (with the directory "not"
  not existing) returns a forbidden error instead of a 404 error.
  In this case Apache walks up to "/usr/local/apache2/htdocs/test" and
  then uses "not" as the basename and matches the regex from FilesMatch
  against this. So using 'FilesMatch "not$"' would actually match and a
  404 error is returned.

In most cases it probably doesn't matter if you get a 404 or a forbidden error, 
but once you start doing RewriteRule stuff the above can lead to unexpected 
results.

Add the following RewriteRules to the directory section:

  RewriteRule ^/test/is/here/foo.bar$ /foo.bar [L] 
  RewriteRule ^/test/not/here/foo.bar$ /foo.bar [L] 

- requesting "/test/is/here/foo.bar" redirects and returns the file /foo.bar
- requesting "/test/not/here/foo.bar" redirects internally, but then returns a
  forbidden error.
  In this case Apache first matches the basename "not" *and* the basename 
  "foo.bar" again the FilesMatch regex which fails ... 
  Using 'FilesMatch "(not|bar)$"' would actually work in this case, but
  is not really something I would have expected.


Tested with 2.0.63 and 2.2.11.


-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to