https://bz.apache.org/bugzilla/show_bug.cgi?id=64447
Bug ID: 64447
Summary: RewriteCond local file system checks (-f and others)
should allow (sane) relative path resolution
Product: Apache httpd-2
Version: 2.5-HEAD
Hardware: PC
OS: Linux
Status: NEW
Severity: enhancement
Priority: P2
Component: mod_rewrite
Assignee: bugs@httpd.apache.org
Reporter: o...@geek.co.il
Target Milestone: ---
When used in a per-directory context (.htaccess file), using file system checks
in RewriteCond (such as -f) with relative paths causes mod_rewrite to resolve
the paths relative to the current working directory of the server process
instead of against the directory of the RewriteCond.
In the following examples, using Docker, we are setting up the files `file.xyz`
and `index.html` in the document root, and the creating the following rules in
.htaccess:
RewriteEngine On
RewriteCond file.xyz -f
RewriteRule . index.html [L]
One might expect that as `file.xyz` exists, all requests will be redirected to
`index.html`, and indeed the following command does appear to behave correctly:
docker run -ti --rm --name httpd-test httpd bash -c '
sed -i -e "s/^#\(LoadModule .*rewrite\)/\1/;s/\(AllowOverride\).*/\1 All/"
conf/httpd.conf;
touch htdocs/file.xyz; echo success > htdocs/index.html;
(echo "RewriteEngine On"; echo "RewriteCond file.xyz -f"; echo "RewriteRule .
index.html") > htdocs/.htaccess;
cd htdocs;
httpd-foreground'
But this only works because we cd into the document root before running the
server.
This, almost identical, command does not work - requests to the server will not
match the rewrite rule:
docker run -ti --rm --name httpd-test httpd bash -c '
sed -i -e "s/^#\(LoadModule .*rewrite\)/\1/;s/\(AllowOverride\).*/\1 All/"
conf/httpd.conf;
touch htdocs/file.xyz; echo success > htdocs/index.html;
(echo "RewriteEngine On"; echo "RewriteCond file.xyz -f"; echo "RewriteRule .
index.html") > htdocs/.htaccess;
httpd-foreground'
I believe it is not OK to expect the website creator to know in which directory
the httpd process was executed and to adapt the mod_rewrite rules to that.
Also, due to (I guess) security constraints, using relative URLs will never
work if the server process current working directory is not somewhere under the
document root.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org
For additional commands, e-mail: bugs-h...@httpd.apache.org
