|Summary:||Wrong "Parent directory" link|
|Product:||Apache httpd-2||Reporter:||marcomurk <marcomurk>|
|Component:||All||Assignee:||Apache HTTPD Bugs Mailing List <bugs>|
Description marcomurk 2005-10-21 14:20:55 UTC
When a http request for an existing directory in the web root is sent to apache with 2 slash at the beginning and at the end of directory's name, if directory listing is enabled, the "parent directory" link will be wrong and could redirect to other sites. Example: http://www.it.kernel.org//debian// If you click on the "parent directory" link you'll be redirected to http://debian/. Some browsers correct http://debian/ in http://www.debian.org/ and instead of seeing the parent directory (the main page of www.it.kernel.org), you're now seeing another site's page (http://www.debian.org/). I hope this will be useful for you. I'm sorry for my English and my inexperience. Marcomurk
Comment 1 André Malo 2005-10-21 14:25:54 UTC
Uhm. That looks more like a misconfigured Alias (e.g. http://www.it.kernel.org/debian results in 404). A "perfect" alias should be Alias /debian /path/to/debian without any trailing slashes. Then you get proper trailing slash redirects and that. I suspect, that you have Alias /debian/ /path/to/debian or something like that. Can you check that?
Comment 2 marcomurk 2005-10-21 22:08:04 UTC
Thanks for your quick reply. I checked what you suggested me but I didn't find the trailing slash in my alias instructions. Hovewer I noticed there's the same problem in all the apache servers with directory listing of the web root enabled (even lots of apache downloads mirrors), and even in servers don't result 404 when the trailing slash is not used. Here're some examples: http://mirror.nohup.it/apache doesn't result 404. http://mirror.nohup.it//apache// --> parent dir link --> http://apache/ --> browser's correction (mozilla firefox's one) --> www.apache.org http://apache.mirror99.com//perl// -->parent dir link--> http://perl/ --> browser's correction --> www.perl.com http://apache.mirrors.versehost.com//cocoon//-->parent dir link--> http://cocoon/ --> browser's correction --> www.cocoon.com http://apache.secsup.org//dist// -->parent dir link--> http://dist/--> browser's correction --> www.linux.org/dist Marcomurk
Comment 3 Daniel Gruno 2012-05-01 05:55:07 UTC
Poking at this old bug. This isn't really an httpd error as much as it is a browser quirkiness. If you look at the source code for the HTML, you will see that the address isn't http://apache/ but instead //apache/, which is what you would expect the parent of //apache// to be. That [insert browser name here] translates that into adding a http scheme in front of it, well that can't really be helped much by httpd. Having said that, the behavior, at least in 2.2 and 2.4 are that any excessive leading slashes are now removed when the parent URI is translated. I'm not sure whether this also applies to 2.0, can someone confirm/deny this?
Comment 4 William A. Rowe Jr. 2018-11-07 21:09:58 UTC
Please help us to refine our list of open and current defects; this is a mass update of old and inactive Bugzilla reports which reflect user error, already resolved defects, and still-existing defects in httpd. As repeatedly announced, the Apache HTTP Server Project has discontinued all development and patch review of the 2.2.x series of releases. The final release 2.2.34 was published in July 2017, and no further evaluation of bug reports or security risks will be considered or published for 2.2.x releases. All reports older than 2.4.x have been updated to status RESOLVED/LATER; no further action is expected unless the report still applies to a current version of httpd. If your report represented a question or confusion about how to use an httpd feature, an unexpected server behavior, problems building or installing httpd, or working with an external component (a third party module, browser etc.) we ask you to start by bringing your question to the User Support and Discussion mailing list, see [https://httpd.apache.org/lists.html#http-users] for details. Include a link to this Bugzilla report for completeness with your question. If your report was clearly a defect in httpd or a feature request, we ask that you retest using a modern httpd release (2.4.33 or later) released in the past year. If it can be reproduced, please reopen this bug and change the Version field above to the httpd version you have reconfirmed with. Your help in identifying defects or enhancements still applicable to the current httpd server software release is greatly appreciated.