Bug 63608

Summary: Negative pattern match in rewrite rule is not as documented
Product: Tomcat 8 Reporter: michaelc <michaelc>
Component: CatalinaAssignee: Tomcat Developers Mailing List <dev>
Status: RESOLVED FIXED    
Severity: normal    
Priority: P2    
Version: 8.5.x-trunk   
Target Milestone: ----   
Hardware: All   
OS: All   

Description michaelc 2019-07-24 19:11:58 UTC
The mention of using "NOT character ('!')" in rule patterns as negative match no longer matches implementation:

https://tomcat.apache.org/tomcat-8.5-doc/rewrite.html

    In the rules, the NOT character ('!') is also available as a possible pattern prefix. This enables you to negate a pattern; to say, for instance: ``if the current URL does NOT match this pattern''. This can be used for exceptional cases, where it is easier to match the negative pattern, or as a last default rule.


The current implementation uses java.util.regex, which does not support a simple ! prefix as a negative match regex:

https://docs.oracle.com/javase/8/docs/api/index.html?java/util/regex/Pattern.html

Instead, you need to use zero-width lookahead like this (to match any URL but /portal/api/.*)

^(?!/portal/api/.*).*$

This inaccurate documentation exist in all versions, at least since 8.0.x. For backward compatibility to the above documentation, RewriteRule needs the `positive` variable and logic found in the RewriteCond class.
Comment 1 Mark Thomas 2019-07-29 14:42:04 UTC
Thanks for the report.

Fixed in:
- master for 9.0.23 onwards
- 8.5.x for 8.5.44 onwards

The RewriteValve is not present in 7.0.x