On Fri, Dec 08, 2000 at 07:23:08PM +0400, BeerBong wrote:
> Hello!
>
> I tried to migrate to Apache 1.3.14 from 1.3.12 ...
> Heh.
> After recompiling apache and starting the server with the same config get
> 400 Bad request on any request to mod_perl back-end server. Static html and
> images are returned ok.
>
> Some time was spent for hunting the problem.
> Turn on rewriting log with level 9.
>
> RewriteEngine On
> RewriteLogLevel 9
> RewriteLog /var/apache/simple_d/logs/rewrite.log
> RewriteMap ports txt:/usr/local/apache/conf/port_d.map
> RewriteRule ^/(.*\.s?asp)$ http://$host:${ports:%{SERVER_PORT}|8081}/$1
> [P,L]
>
> Request
> /paper/test.asp
> translated to
> http://www.samara.ru:|8081}/paper/test.asp
>
> It seems that mod_rewrite processes nested back references not correctly.
> Just meets first closing brace and consider it as back reference.
Hello,
I observed the same problem with nested ${}/%{} statements such as
RewriteMap actrlprg:/usr/local/apache-1.3.12/bin/rewrite-map.pl
RewriteRule ^/(ac-)?adm/?(.*)$ ${actrl:%{HTTP:Authorization}#a#/ac-adm/$2} [PT,L]
(... -- details irrelevant here) ^
what seems to be causing the problem is that the brace directly
following "Authorization" is interpreted as the closing brace for "${"
instead of "%{".
>From a quick glance at the code I would say that the strchr() in line 2261
of rewrite.c (the one distributed with 1.3.14) is responsible for this...
I don't know if nested statements such as these are by intention no
longer supported since the recent security-related patch (?)
Perhaps someone more knowledgable could comment on this -- thanks!
--
Erdmut Pfeifer
science+computing gmbh
-- Bugs come in through open windows. Keep Windows shut! --
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
