Bug 37196

Summary: Wrong "Parent directory" link
Product: Apache httpd-2 Reporter: marcomurk <marcomurk>
Component: AllAssignee: Apache HTTPD Bugs Mailing List <bugs>
Status: RESOLVED LATER    
Severity: minor Keywords: MassUpdate
Priority: P3    
Version: 2.0-HEAD   
Target Milestone: ---   
Hardware: All   
OS: All   

Description marcomurk 2005-10-21 14:20:55 UTC
When a http request for an existing directory in the web root is sent to apache
with 2 slash at the beginning and at the end of directory's name, if directory
listing is enabled, the "parent directory" link will be wrong and could redirect
to other sites.
Example:
http://www.it.kernel.org//debian//
If you click on the "parent directory" link you'll be redirected to http://debian/.
Some browsers correct http://debian/ in http://www.debian.org/ and instead of
seeing the parent directory (the main page of www.it.kernel.org), you're now
seeing another site's page (http://www.debian.org/).
I hope this will be useful for you.
I'm sorry for my English and my inexperience.
Marcomurk
Comment 1 André Malo 2005-10-21 14:25:54 UTC
Uhm. That looks more like a misconfigured Alias (e.g.
http://www.it.kernel.org/debian results in 404). A "perfect" alias should be

Alias /debian /path/to/debian

without any trailing slashes. Then you get proper trailing slash redirects and
that. I suspect, that you have

Alias /debian/ /path/to/debian

or something like that. Can you check that?
Comment 2 marcomurk 2005-10-21 22:08:04 UTC
Thanks for your quick reply.
I checked what you suggested me but I didn't find the trailing slash in my alias
instructions.
Hovewer I noticed there's the same problem in all the apache servers with
directory listing of the web root enabled (even lots of apache downloads
mirrors), and even in servers don't result 404 when the trailing slash is not used.
Here're some examples:
http://mirror.nohup.it/apache doesn't result 404.
http://mirror.nohup.it//apache// --> parent dir link --> http://apache/ -->
browser's correction (mozilla firefox's one) --> www.apache.org
http://apache.mirror99.com//perl// -->parent dir link--> http://perl/ -->
browser's correction --> www.perl.com
http://apache.mirrors.versehost.com//cocoon//-->parent dir link-->
http://cocoon/ --> browser's correction --> www.cocoon.com
http://apache.secsup.org//dist// -->parent dir link--> http://dist/--> browser's
correction --> www.linux.org/dist

Marcomurk
Comment 3 Daniel Gruno 2012-05-01 05:55:07 UTC
Poking at this old bug.

This isn't really an httpd error as much as it is a browser quirkiness. If you look at the source code for the HTML, you will see that the address isn't http://apache/ but instead //apache/, which is what you would expect the parent of //apache// to be. That [insert browser name here] translates that into adding a http scheme in front of it, well that can't really be helped much by httpd.

Having said that, the behavior, at least in 2.2 and 2.4 are that any excessive leading slashes are now removed when the parent URI is translated. I'm not sure whether this also applies to 2.0, can someone confirm/deny this?
Comment 4 William A. Rowe Jr. 2018-11-07 21:09:58 UTC
Please help us to refine our list of open and current defects; this is a mass update of old and inactive Bugzilla reports which reflect user error, already resolved defects, and still-existing defects in httpd.

As repeatedly announced, the Apache HTTP Server Project has discontinued all development and patch review of the 2.2.x series of releases. The final release 2.2.34 was published in July 2017, and no further evaluation of bug reports or security risks will be considered or published for 2.2.x releases. All reports older than 2.4.x have been updated to status RESOLVED/LATER; no further action is expected unless the report still applies to a current version of httpd.

If your report represented a question or confusion about how to use an httpd feature, an unexpected server behavior, problems building or installing httpd, or working with an external component (a third party module, browser etc.) we ask you to start by bringing your question to the User Support and Discussion mailing list, see [https://httpd.apache.org/lists.html#http-users] for details. Include a link to this Bugzilla report for completeness with your question.

If your report was clearly a defect in httpd or a feature request, we ask that you retest using a modern httpd release (2.4.33 or later) released in the past year. If it can be reproduced, please reopen this bug and change the Version field above to the httpd version you have reconfirmed with.

Your help in identifying defects or enhancements still applicable to the current httpd server software release is greatly appreciated.