Bug 49131 - Very long URLs cause 404 or 403 errors with SetAction, RewriteRule, RedirectMatch...
Summary: Very long URLs cause 404 or 403 errors with SetAction, RewriteRule, RedirectM...
Status: NEW
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: Core (show other bugs)
Version: 2.2.11
Hardware: PC Linux
: P2 normal with 2 votes (vote)
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
Depends on:
Reported: 2010-04-15 17:50 UTC by Alain Knaff
Modified: 2013-09-17 20:18 UTC (History)
2 users (show)


Note You need to log in before you can comment on or make changes to this bug.
Description Alain Knaff 2010-04-15 17:50:36 UTC
We've got a virtual host set up where all requests are redirected to a cgi script using SetAction

<Virtualhost *:80>
        ServerName mytest
        DocumentRoot /var/www/mytest

        Options +ExecCGI
        Action all /index.cgi virtual
        <Location /index.cgi>
                SetHandler cgi-script
        SetHandler all

... where index.cgi is just a small example that prints the environment

echo Content-Type: text/plain

This works ok for small URLs such as


However, for very long URLs, weird stuff happens. Often we get a 404, and sometimes a 403.


It really looks like some kind of buffer overrun...

Same thing with RewriteRule:

<Virtualhost *:80>
        ServerName mytest
        DocumentRoot /var/www/mytest

        RewriteEngine on
        RewriteRule /.* /index.cgi [L]


<Virtualhost *:80>
        ServerName mytest
        DocumentRoot /var/www/mytest

        RedirectMatch /............* /index.cgi
Comment 1 zwoop 2010-07-01 17:13:42 UTC
When I try this, I see a similar problem, but always a 403. My error log says

[Thu Jul 01 14:59:23.126222 2010] [error] [pid 2065:tid 139906479290128] [client ::1:35270] (36)File name too long: access to /aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaassssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssaaaaaaaaaaaabcdefghijklm failed

So, it seems to me that something is "stat"ing names that really aren't files. Do you see a similar error in your logs?
Comment 2 Alain Knaff 2010-07-11 17:26:43 UTC
I do indeed get something similar:

[Sun Jul 11 23:18:11 2010] [error] [client] (36)File name too long: access to /01234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789 failed