Summary: | server-parsed documents served with additional path info | ||
---|---|---|---|
Product: | Apache httpd-1.3 | Reporter: | David Baron <dbaron> |
Component: | mod_include | Assignee: | Apache HTTPD Bugs Mailing List <bugs> |
Status: | CLOSED WONTFIX | ||
Severity: | normal | Keywords: | FAQ |
Priority: | P3 | ||
Version: | HEAD | ||
Target Milestone: | --- | ||
Hardware: | All | ||
OS: | All |
Description
David Baron
2003-01-30 14:07:19 UTC
Yes, it's a known issue. There were a lot of discussion about SSI and path info in the past. However, these resulted in the behaviour in Apache 2.x, were SSI (resp. the core handler) rejects all path info by default and has to be explicitely turned on. (<http://httpd.apache.org/docs-2.0/mod/core.html#acceptpathinfo>) You may want to use mod_rewrite or similar to check for PATH_INFO and reject the request. Thanks for using Apache! To be very precise, AcceptPathInfo Default causes the path info to be accepted by the corresponding handler by it's specific preference. So most content generators, such as CGI, PHP, and SSI (because SSI may nest other generators) default to accepting path info. The core static content handler defaults to rejecting path info. But any of these may be overriden with AcceptPathInfo to tollerate or reject such requests. For disambigiating URIs I strong believe in setting AcceptPathInfo Off within the root of the server, and setting up AcceptPathInfo On only for the scripts and content which *uses* the path info (e.g. a viewcvs.cgi style script.) But that's religion and advocacy. In order to prevent *breaking* all of the deployed 1.3.x servers as they migrated to 2.0.x, the team elected to keep the behavior as similar as possible to Apache 1.3's behavior. |