On 12/25/2006 01:06 PM,  wrote:
> Author: niq
> Date: Mon Dec 25 04:06:33 2006
> New Revision: 490142
> 
> URL: http://svn.apache.org/viewvc?view=rev&rev=490142
> Log:
> PR#35314: Enable path components in Redirect
> 
> Modified:
>     httpd/httpd/trunk/modules/mappers/mod_alias.c
> 
> Modified: httpd/httpd/trunk/modules/mappers/mod_alias.c
> URL: 
> http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/mappers/mod_alias.c?view=diff&rev=490142&r1=490141&r2=490142
> ==============================================================================
> --- httpd/httpd/trunk/modules/mappers/mod_alias.c (original)
> +++ httpd/httpd/trunk/modules/mappers/mod_alias.c Mon Dec 25 04:06:33 2006
> @@ -204,7 +204,10 @@
>      if (ap_is_HTTP_REDIRECT(status)) {
>          if (!url)
>              return "URL to redirect to is missing";
> -        if (!use_regex && !ap_is_url(url))
> +        /* PR#35314: we can allow path components here;
> +         * they get correctly resolved to full URLs.
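
Review bot: the new comment, which stands where the `!use_regex && !ap_is_url(url)` check was removed, says path components "get correctly resolved to full URLs" but does not name the code that performs that resolution. It should reference the function that builds the final Location value, so a reader can confirm that a plain `Redirect` target with no scheme is made absolute before it is sent.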

Where? A quick check shows that the resulting Location header has no scheme
and host in front.
AFAICT this violates 14.30 of RFC2616 as the value of a Location header must
be an absoluteURI or better absolute-URI as defined in 4.3 of RFC3986.
Of course you can already create invalid Location headers with RedirectMatch.
So it might make sense to check the validity of a Location header after
applying a Redirect(Match) to a request to ensure that it results in an
absolute-URI and maybe fix it if it does not seem to be one.

Regards

Rüdiger
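
The post-Redirect check suggested in the reply above, sketched as an added example (not code from the thread or from httpd). `has_absolute_scheme` and `fix_location` are hypothetical names; the check tests only for an RFC 3986 scheme prefix rather than the full absolute-URI grammar, and the scheme and host are assumed to be supplied by the caller.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Returns 1 if s starts with an RFC 3986 scheme followed by ':' and a
 * non-empty remainder: scheme = ALPHA *( ALPHA / DIGIT / "+" / "-" / "." ). */
static int has_absolute_scheme(const char *s)
{
    if (!isalpha((unsigned char)*s))
        return 0;
    for (s++; *s; s++) {
        if (*s == ':')
            return s[1] != '\0';
        if (!isalnum((unsigned char)*s) && *s != '+' && *s != '-' && *s != '.')
            return 0;
    }
    return 0;
}

/* Hypothetical helper: 0 = target already had a scheme (copied unchanged),
 * 1 = absolute path, scheme://host prepended, -1 = not fixable (relative
 * reference, "//host" network-path, control characters, buffer too small). */
static int fix_location(const char *target, const char *scheme,
                        const char *host, char *out, size_t outlen)
{
    const char *p; int n;
    for (p = target; *p; p++)        /* reject CR/LF and other controls */
        if (iscntrl((unsigned char)*p))
            return -1;
    if (has_absolute_scheme(target)) {
        n = snprintf(out, outlen, "%s", target);
        return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
    }
    if (target[0] != '/' || target[1] == '/')
        return -1;
    n = snprintf(out, outlen, "%s://%s%s", scheme, host, target);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 1;
}

int main(void)
{
    char buf[128];
    /* Constructed sample targets, not taken from the thread. */
    const char *s[] = { "http://example.org/a", "/new/path", "new/path", "//other.example/x" };
    for (size_t i = 0; i < 4; i++) {
        int rc = fix_location(s[i], "https", "www.example.com", buf, sizeof buf);
        printf("%-22s -> %d %s\n", s[i], rc, rc >= 0 ? buf : "(rejected)");
    }
}
```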
