Just noticed a strange problem with one of my business servers. It's
configured identically (afaik) to all of my other servers (which do not
exhibit this behavior), with Apache 1.3.20 and PHP 4.0.6, running on Linux
Mandrake 7.2.
The problem occurs only when requesting PHP documents. Say, for example, I
have a PHP script at: http://www.example.com/myphpscript.php
For some reason, I can also access this page via:
http://www.example.com/myphpscript
On top of that, I seem to be able to pass a whole bogus path afterwards:
http://www.example.com/myphpscript/blah/blah/blah/and/so/on/etc/
...and the page (myphpscript.php) is still displayed properly.
It's not really a big deal, but I had some prick with too much time on his
hands taking advantage of this, filling my logfiles with thousands of
requests for ~300-character URLs.
This ONLY happens with files with the .php extension (not .html files) so
I'm not sure if it's a problem with my Apache config, my PHP config, or
what... Anyone have any clues? I've been through both the Apache and PHP
docs a few times over, but can't seem to find anything relevant.
Compiled Apache with:
--prefix=/usr/local/apache --enable-module=ssl --enable-module=so --enable-m
odule=log_agent --enable-module=log_referer --enable-module=proxy --enable-m
odule=rewrite --enable-module=speling --enable-module=usertrack --enable-mod
ule=vhost_alias
And PHP with:
--with-apxs=/usr/local/apache/bin/apxs --enable-versioning --with-mysql=/usr
/local/mysql --enable-track-vars
Any help would be appreciated!
Helmut
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
