Bug 10946 - redundant slashes in urls cause 403 Forbidden errors
Status: CLOSED FIXED
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: Core
Version: 2.0.39
Hardware: PC Linux
Importance: P3 normal with 3 votes
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
Reported: 2002-07-18 14:12 UTC by m wolf
Modified: 2004-11-16 19:05 UTC

Attachments
patch (1.15 KB, patch)
2002-07-24 20:57 UTC, David Shane Holden

Description m wolf 2002-07-18 14:12:12 UTC
Trying to retrieve http://foo.ximian.com/bar.html will work, but trying to
retrieve http://foo.ximian.com//bar.html (note the redundant slashes) fails with
a 403.  For what it's worth, http://foo.ximian.com/baz//baz.html works OK.  

As a workaround, I used mod_rewrite in a manner similar to this:
    RewriteEngine On
    RewriteRule ^//(.*$) /path/to/docroot/$1
This works, and the performance hit doesn't seem to be especially great, but it
isn't ideal.
Comment 1 Stefan Steinbeck 2002-07-18 16:11:39 UTC
I'm suffering from the same problem, but in my (a bit more) complex server 
setup the rewrite rule would have to be split up in multiple rules. 
To clarify things, I tried to get some output in the error log, but even 
in "LogLevel debug" I don't get any message there. It is only noted in the 
access log as "GET //file".
Comment 2 David Shane Holden 2002-07-24 20:56:20 UTC
I'm not sure if this is expected or even allowed behavior, but the following
patch should allow you to use redundant slashes.
Comment 3 David Shane Holden 2002-07-24 20:57:04 UTC
Created attachment 2475
patch
Comment 4 William A. Rowe Jr. 2002-08-06 16:31:42 UTC
  This bug is fixed in CVS, and that patch will hopefully be included 
  in the forthcoming Apache 2.0.40 release.

  Thanks for the detailed reports, and the suggested patch, David.
  I had to attack it a bit differently, there were actually two code
  paths to be dealt with, your patch fixed one of them.  Co-credit and
  kudos anyways for hacking in a fix!
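
Comment 1 notes that the failure shows up only in the access log, as "GET //file". As an added example (not part of the bug report or of httpd's code), this Python sketch scans Common Log Format lines for request paths with redundant slashes and lists the leading-`//` requests that were answered with 403. The log lines, function names and regex are constructed for illustration.

```python
import re
from collections import Counter

# Request line and status as they appear in Common Log Format.
CLF = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3}) ')
ABSOLUTE = re.compile(r'^[a-z][a-z0-9+.-]*://', re.I)

# Constructed sample access-log lines (not taken from the bug report).
SAMPLE_LOG = """\
192.0.2.10 - - [18/Jul/2002:14:10:01 +0000] "GET /bar.html HTTP/1.1" 200 1045
192.0.2.10 - - [18/Jul/2002:14:10:05 +0000] "GET //bar.html HTTP/1.1" 403 287
192.0.2.11 - - [18/Jul/2002:14:11:40 +0000] "GET /baz//baz.html HTTP/1.1" 200 512
192.0.2.12 - - [18/Jul/2002:14:12:02 +0000] "GET //file HTTP/1.0" 403 280
192.0.2.12 - - [18/Jul/2002:14:12:09 +0000] "GET /private/ HTTP/1.0" 403 291
"""

def classify(target):
    """Return 'leading', 'inner' or None for where '//' occurs in the URL path."""
    # urllib's urlsplit() would read '//bar.html' as a network location,
    # so the path is isolated by hand here.
    if ABSOLUTE.match(target):
        # Absolute-form target: drop scheme and authority, keep the path.
        target = "/" + target.split("://", 1)[1].partition("/")[2]
    path = target.split("?", 1)[0]  # ignore the query string
    if path.startswith("//"):
        return "leading"
    return "inner" if "//" in path else None

def summarize(log_text):
    """Count (slash position, status) pairs; collect leading-'//' targets with 403."""
    counts, affected = Counter(), []
    for line in log_text.splitlines():
        m = CLF.search(line)
        kind = classify(m["target"]) if m else None
        if kind is None:
            continue
        counts[(kind, int(m["status"]))] += 1
        if kind == "leading" and m["status"] == "403":
            affected.append(m["target"])
    return counts, affected

if __name__ == "__main__":
    counts, affected = summarize(SAMPLE_LOG)
    for (kind, status), n in sorted(counts.items()):
        print(f"{kind:8} {status} x{n}")
    print("leading '//' answered 403:", affected)
```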