Bug 10946

Summary: redundant slashes in urls cause 403 Forbidden errors
Product: Apache httpd-2 Reporter: m wolf <maw>
Component: CoreAssignee: Apache HTTPD Bugs Mailing List <bugs>
Status: CLOSED FIXED    
Severity: normal CC: herabwww, maw
Priority: P3    
Version: 2.0.39   
Target Milestone: ---   
Hardware: PC   
OS: Linux   
Attachments: patch

Description m wolf 2002-07-18 14:12:12 UTC 
Trying to retrieve http://foo.ximian.com/bar.html will work, but trying to
retrieve http://foo.ximian.com//bar.html (note the redundant slashes) fails with
a 403.  For what it's worth, http://foo.ximian.com/baz//baz.html works OK.  

As a workaround, I used mod_rewrite in a manner similar to this:
    RewriteEngine On
    RewriteRule ^//(.*$) /path/to/docroot/$1
This works, and the performance hit doesn't seem to be especially great, but it
isn't ideal.
Comment 1 Stefan Steinbeck 2002-07-18 16:11:39 UTC 
I'm suffering from the same problem, but in my (a bit more) complex server 
setup the rewrite rule would have to be split up in multiple rules. 
To clearify the things I tried to get some output in the error log, but even 
in "LogLevel debug" I don't get any message there. It is only noted in the 
access log as "GET //file".
Comment 2 David Shane Holden 2002-07-24 20:56:20 UTC 
I'm not sure if this is expected or even allowed behavior, but the following
patch should allow you to use redundant slashes.
Comment 3 David Shane Holden 2002-07-24 20:57:04 UTC 
Created attachment 2475 [details]
patch
Comment 4 William A. Rowe Jr. 2002-08-06 16:31:42 UTC 
  This bug is fixed in CVS, and that patch will hopefully be included 
  in the forthcoming Apache 2.0.40 release.

  Thanks for the detailed reports, and the suggested patch, David.
  I had to attack it a bit differently, there were actually two code
  paths to be dealt with, your patch fixed one of them.  Co-credit and
  kudos anyways for hacking in a fix!