In server/core.c: ap_core_translate, the function apr_filepath_merge is called two different times. Most of the errors from apr_filepath_merge relate to resulting local path values that fall outside the valid server path and make sense to return a 403.
There is one case here that is not so clear though. Inside apr_filepath_merge, you can also exceed the local system's PATH_MAX and the function returns APR_ENAMETOOLONG. This results in a 403 being returned for a case where we refused to process the request because the resulting local path name exceeded the PATH_MAX value. Should this return 414 when it gets APR_ENAMETOOLONG or is it valid to return 403? -- Paul J. Reder ----------------------------------------------------------- "The strength of the Constitution lies entirely in the determination of each citizen to defend it. Only if every single citizen feels duty bound to do his share in this defense are the constitutional rights secure." -- Albert Einstein