[Note that the case (ie UPPER- or lowercase) of text in "double quotes" should be paid attention to in this ticket.] Apache's directory redirection engine accepts lowercase input. To reproduce behavior (confirmed by one other person): #1. Create the folder "/foo" (or whatever, the directory name doesn't matter) on any server. #2. Telnet or use "nc" to connect to your server. Be sure to specify port 80. #3. Send "get /foo" and Apache will return the standard 301 "this is located at /foo/" (note the trailing slash). #4. Now send "get /foo/" and notice how Apache sends a 501 - "Not Implemented." #5. Finally, send "GET /foo/" and you will recieve the correct response. To expound/recap/emphasize, the bug appears in #3, where Apache returns 301 - "Moved Permanently" after a lowercase command was sent, instead of returning 501, which it should to be standards conformant. Note that Apache will send a 501 if you send "get /thisdirdoesntexist", where 'thisdirdoesntexist' is a directory on the server that, well, doesn't exist. This has only been tested on my system, and not tested elsewhere. -dav7
What standard exactly is being violated here? Some of your assumptions are wrong. When apache sees "get /foo" it treats it exactly like "BAR /foo". In other words, it treats it as an unknown method acting on an improperly-canonicalized directory. It is not doing a case-insensitive match on GET. So what is happening is that apache ignores the method entirely when it receives a request for an improperly-canonicalized directory and simply sends the redirect. In the case of "BAR /foo", apache doesn't even try to determine whether the resource /foo will actually deal with the method BAR. Trying to check this would add considerable complexity for very little gain. And by the way, "get /foo" and even "GET /foo/" are not correct requests in any recent version of http. If you are testing protocol compliance, you should start with a reasonable request.