https://bz.apache.org/bugzilla/show_bug.cgi?id=64447
Bug ID: 64447 Summary: RewriteCond local file system checks (-f and others) should allow (sane) relative path resolution Product: Apache httpd-2 Version: 2.5-HEAD Hardware: PC OS: Linux Status: NEW Severity: enhancement Priority: P2 Component: mod_rewrite Assignee: bugs@httpd.apache.org Reporter: o...@geek.co.il Target Milestone: --- When used in a per-directory context (.htaccess file), using file system checks in RewriteCond (such as -f) with relative paths causes mod_rewrite to resolve the paths relative to the current working directory of the server process instead of against the directory of the RewriteCond. In the following examples, using Docker, we are setting up the files `file.xyz` and `index.html` in the document root, and the creating the following rules in .htaccess: RewriteEngine On RewriteCond file.xyz -f RewriteRule . index.html [L] One might expect that as `file.xyz` exists, all requests will be redirected to `index.html`, and indeed the following command does appear to behave correctly: docker run -ti --rm --name httpd-test httpd bash -c ' sed -i -e "s/^#\(LoadModule .*rewrite\)/\1/;s/\(AllowOverride\).*/\1 All/" conf/httpd.conf; touch htdocs/file.xyz; echo success > htdocs/index.html; (echo "RewriteEngine On"; echo "RewriteCond file.xyz -f"; echo "RewriteRule . index.html") > htdocs/.htaccess; cd htdocs; httpd-foreground' But this only works because we cd into the document root before running the server. This, almost identical, command does not work - requests to the server will not match the rewrite rule: docker run -ti --rm --name httpd-test httpd bash -c ' sed -i -e "s/^#\(LoadModule .*rewrite\)/\1/;s/\(AllowOverride\).*/\1 All/" conf/httpd.conf; touch htdocs/file.xyz; echo success > htdocs/index.html; (echo "RewriteEngine On"; echo "RewriteCond file.xyz -f"; echo "RewriteRule . index.html") > htdocs/.htaccess; httpd-foreground' I believe it is not OK to expect the website creator to know in which directory the httpd process was executed and to adapt the mod_rewrite rules to that. Also, due to (I guess) security constraints, using relative URLs will never work if the server process current working directory is not somewhere under the document root. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org