Bug 49810

Summary: Mod_autoindex output of header/body/footer scrambled
Product: Apache httpd-2
Reporter: Wayne Densmore <waynedensmore>
Component: mod_autoindex
Assignee: Apache HTTPD Bugs Mailing List <bugs>
Severity: normal
Keywords: MassUpdate
Priority: P2
Version: 2.2.11
Target Milestone: ---
Hardware: Other
OS: Linux

Description Wayne Densmore 2010-08-23 11:56:48 UTC
It seems that mod_autoindex's directory listing and the custom header
and footer files are separate streams that are not sequenced/handled
correctly in all circumstances.  Here are details of 2 failure modes.

Test setup: 
(using a host where PHP as a mod is no longer available, so using php as a cgi.)
.htaccess includes:

 > AddHandler php5-cgi .html
 > AddType text/html .html
 > HeaderName test_doc_header.html

mod_deflate must be enabled.

The test header is a simple header with an H1 header, like the default.  PHP code to generate the header can be added or omitted without affecting the result.  If using netconnect to test, you must accept compressed output.

Failure mode 1: Accessing a directory (with no index.html) caused the server to serve up the custom header correctly and some garbage for the file listing.  
Disabling mod_deflate (or not accepting compressed output in client) fixed it so that both came out right.  My guess is that the header was compressed and the file listing was not, so decompressing gave garbage.

Failure mode 2: Start with same setup, but now with mod_deflate disabled.  Add a ReadmeName with a test footer to the htaccess setup.  The sequence of display in the browser is header, footer, then file listing.

Comment 1 Eric Covener 2010-08-23 12:09:46 UTC
I was able to reproduce this with just a Readme and Header that were both just php5-cgi executed phpinfo() scripts, and the directory listing was in fact below the footer.  

Using simple shell scripts as CGI did not show any problem.

Comment 2 William A. Rowe Jr. 2018-11-07 21:09:47 UTC
Please help us to refine our list of open and current defects; this is a mass update of old and inactive Bugzilla reports which reflect user error, already resolved defects, and still-existing defects in httpd.

As repeatedly announced, the Apache HTTP Server Project has discontinued all development and patch review of the 2.2.x series of releases. The final release 2.2.34 was published in July 2017, and no further evaluation of bug reports or security risks will be considered or published for 2.2.x releases. All reports older than 2.4.x have been updated to status RESOLVED/LATER; no further action is expected unless the report still applies to a current version of httpd.

If your report represented a question or confusion about how to use an httpd feature, an unexpected server behavior, problems building or installing httpd, or working with an external component (a third party module, browser etc.) we ask you to start by bringing your question to the User Support and Discussion mailing list, see [https://httpd.apache.org/lists.html#http-users] for details. Include a link to this Bugzilla report for completeness with your question.

If your report was clearly a defect in httpd or a feature request, we ask that you retest using a modern httpd release (2.4.33 or later) released in the past year. If it can be reproduced, please reopen this bug and change the Version field above to the httpd version you have reconfirmed with.

Your help in identifying defects or enhancements still applicable to the current httpd server software release is greatly appreciated.
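
For retesting, a check for the two failure modes in the description, written as an added example that is not part of the original report or of httpd. It takes a response body and its Content-Encoding value as captured from the directory URL, flags plain bytes that follow a gzip stream (failure mode 1, as the reporter guessed it) and a header, listing, footer sequence that is out of order (failure mode 2). The marker strings, the "Parent Directory" listing marker and the sample bodies are assumptions constructed for the example.

```python
import gzip
import zlib

def decode_body(body, content_encoding):
    """Decode one response body; return (bytes, list of problems)."""
    if content_encoding.lower() != "gzip":
        return body, []
    d = zlib.decompressobj(16 + zlib.MAX_WBITS)  # expect a gzip wrapper
    try:
        decoded = d.decompress(body)
    except zlib.error as exc:
        return body, [f"body labelled gzip does not decode: {exc}"]
    problems = []
    if not d.eof:
        problems.append("gzip stream is truncated")
    if d.unused_data:
        # Failure mode 1 as the reporter guessed it: part compressed, rest plain.
        problems.append(f"{len(d.unused_data)} plain bytes follow the gzip stream")
    return decoded + d.unused_data, problems

def check_order(html, header_marker, footer_marker, listing_marker):
    """Failure mode 2: the parts must appear as header, listing, footer."""
    pos = {"header": html.find(header_marker),
           "listing": html.find(listing_marker),
           "footer": html.find(footer_marker)}
    missing = [f"{name} marker not found" for name, p in pos.items() if p < 0]
    if missing:
        return missing
    if pos["header"] < pos["listing"] < pos["footer"]:
        return []
    return ["parts out of order: " + ", ".join(sorted(pos, key=pos.get))]

def check_autoindex_response(body, content_encoding, header_marker,
                             footer_marker, listing_marker="Parent Directory"):
    decoded, problems = decode_body(body, content_encoding)
    html = decoded.decode("latin-1")  # latin-1 never fails on stray bytes
    return problems + check_order(html, header_marker, footer_marker, listing_marker)

# Constructed sample parts (not captured from a real server).
HEADER = b"<h1>TEST-HEADER</h1>\n"
LISTING = b'<ul><li><a href="/">Parent Directory</a></li></ul>\n'
FOOTER = b"<p>TEST-FOOTER</p>\n"
SAMPLES = {
    "correct": (gzip.compress(HEADER + LISTING + FOOTER), "gzip"),
    "mode 1": (gzip.compress(HEADER) + LISTING + FOOTER, "gzip"),
    "mode 2": (HEADER + FOOTER + LISTING, ""),
}

if __name__ == "__main__":
    for name, (body, encoding) in SAMPLES.items():
        print(name, check_autoindex_response(body, encoding, "TEST-HEADER", "TEST-FOOTER"))
```

Put a unique string in the HeaderName and ReadmeName files and pass those strings as the markers, so the check does not depend on the rest of their content.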