Note: Some of the examples below may be "expected", but the results seem incorrect in a couple of the cases.

Synopsis:
1. Apache 2.2 used to treat "RewriteRule .* goodbye.txt" and "RewriteRule .* /goodbye.txt" identically by treating goodbye.txt as a file in the docroot (even if the beginning / was missing).
2. Apache 2.2 used to correctly forbid access to a goodbye.txt when a directive above it prevented access (e.g. Order deny,allow\nDeny from all)
3. This no longer works in Apache 2.4

Example of Apache 2.4.18 working correctly:
1. Create /home/cgihw/public_html/.htaccess:
     Require all denied
     RewriteEngine on
     RewriteRule .* /goodbye.txt [L]
2. Remove file: rm -f /home/cgihw/public_html/403.shtml
3. Remove file: rm -f /home/cgihw/public_html/missing.txt
4. Create file: echo "goodbye world" > /home/cgihw/public_html/goodbye.txt
5. Navigate to http://cgihw.loc/missing.txt
6. Observe that Apache 2.4.18 gives a 403 Forbidden response
7. Observe the default LimitInternalRecursion limit of 10 is hit
8. Observe that no Internal server error is presented to the user

Example of Apache 2.4.18 working incorrectly:
1. Create /home/cgihw/public_html/.htaccess:
     Require all denied
     RewriteEngine on
     RewriteRule .* goodbye.txt [L]
2. Remove file: rm -f /home/cgihw/public_html/403.shtml
3. Remove file: rm -f /home/cgihw/public_html/missing.txt
4. Create file: echo "goodbye world" > /home/cgihw/public_html/goodbye.txt
5. Navigate to http://cgihw.loc/missing.txt
6. Observe that you are incorrectly presented with the contents of goodbye.txt
7. Observe that the LimitInternalRecursion limit is never compared against
8. Observe that no Internal server error is presented to the user

Example of Apache 2.4.18 erroneously presenting an Internal server error:
1. Create /home/cgihw/public_html/.htaccess:
     Require all granted
     RewriteEngine on
     RewriteRule .* /goodbye.txt [L]
2. Remove file: rm -f /home/cgihw/public_html/403.shtml
3. Remove file: rm -f /home/cgihw/public_html/missing.txt
4. Create file: echo "goodbye world" > /home/cgihw/public_html/goodbye.txt
5. Navigate to http://cgihw.loc/missing.txt
6. Observe that you are now presented with an Internal server error, instead of a forbidden message
7. Observe the default LimitInternalRecursion limit of 10 is hit

Background Notes
- This seems to be a problem within mod_rewrite not setting the redirect-handler correctly for the generated sub request when the 403 ErrorDocument is missing. The log indicates that the request is denied, yet the web server still presents the user with content.
- This used to work in Apache 2.2, but no longer works in Apache 2.4.18. The difference being, Apache 2.2 used the 'Order' directive, and not the 'Require' directive.

I've attached the following files:
- Example httpd.conf (file: broken.conf)
- Configure line used to compile Apache 2.4.18
- Log output for success
- Log output for regression

Please see logs, configure line, and example Apache configuration for more detailed information.
Created attachment 33436 [details] Apache configuration file
Created attachment 33437 [details] Logging output when RewriteRule ignores Require directive
Created attachment 33438 [details] Logging output when RewriteRule obeys Require directive
Configure Line: ./configure --enable-info=static --disable-v4-mapped --enable-access-compat=static --enable-actions=static --enable-alias=static --enable-asis=static --enable-auth_basic=static --enable-authn_core=static --enable-authn_file=static --enable-authz_core=static --enable-authz_groupfile=static --enable-authz_host=static --enable-authz_user=static --enable-autoindex=static --enable-cgi=static --enable-deflate=static --enable-dir=static --enable-env=static --enable-expires=static --enable-filter=static --enable-headers=static --enable-include=static --enable-log_config=static --enable-logio=static --enable-maintainer-mode --enable-mime=static --enable-modules=none --enable-negotiation=static --enable-proxy=static --enable-proxy-connect=static --enable-proxy-http=static --enable-rewrite=static --enable-setenvif=static --enable-slotmem_shm=static --enable-socache_dbm=static --enable-socache_shmcb=static --enable-ssl=static --enable-status=static --enable-suexec=static --enable-unique-id=static --enable-unixd=static --enable-userdir=static --enable-version=static --prefix=/usr/local/apache --with-crypto --with-included-apr --with-mpm=prefork --with-pcre=/opt/pcre --with-ssl=/usr --with-suexec-caller=nobody --with-suexec-docroot=/ --with-suexec-gidmin=100 --with-suexec-logfile=/usr/local/apache/logs/suexec_log --with-suexec-uidmin=100 --with-suexec-userdir=public_html
Are you able to rebuild mod_rewrite? http://people.apache.org/~covener/patches/rewrite-deadloop.diff This should resolve a difference between the relative and absolute substitutions and detecting the looping.
Hi Eric, Your patch corrects the issue and lets relative and absolute paths work identically. Thanks for the response! Kurt
Hi!

( https://github.com/melezhik/apache-swat - easy way to verify existed apache issues against your environment )

Confirming this issue is resolved against my environment:

vagrant@Debian-jessie-vagrant@Debian-jessie-amd64-netboot:~/my/apache-swat$ swat -t 58854/
/home/vagrant/.swat/.cache/9277/prove/58854/granted2/missing.txt/00.GET.t ..
ok 1 - GET 127.0.0.1/58854/granted2/missing.txt succeeded
# http headers saved to /home/vagrant/.swat/.cache/9277/prove/zCQKWtpYir.hdr
# body saved to /home/vagrant/.swat/.cache/9277/prove/zCQKWtpYir
ok 2 - output match '200 OK'
ok 3 - output match 'goodbye world from root'
1..3
ok
/home/vagrant/.swat/.cache/9277/prove/58854/denied/missing.txt/00.GET.t ....
ok 1 - GET 127.0.0.1/58854/denied/missing.txt succeeded
# http headers saved to /home/vagrant/.swat/.cache/9277/prove/tj_HdkKgk5.hdr
# body saved to /home/vagrant/.swat/.cache/9277/prove/tj_HdkKgk5
ok 2 - output match '403 Forbidden'
1..2
ok
/home/vagrant/.swat/.cache/9277/prove/58854/granted/missing.txt/00.GET.t ...
ok 1 - GET 127.0.0.1/58854/granted/missing.txt succeeded
# http headers saved to /home/vagrant/.swat/.cache/9277/prove/Cmkh6umQP9.hdr
# body saved to /home/vagrant/.swat/.cache/9277/prove/Cmkh6umQP9
ok 2 - output match '200 OK'
ok 3 - output match 'goodbye world from 58854/granted'
1..3
ok
All tests successful.
Files=3, Tests=8, 1 wallclock secs ( 0.03 usr 0.00 sys + 0.14 cusr 0.01 csys = 0.18 CPU)
Result: PASS

amd64-netboot:~/my/apache-swat$ sudo ~/apache/bin/apachectl -V
Server version: Apache/2.4.18 (Unix)
Server built: Jan 30 2016 10:17:37
Server's Module Magic Number: 20120211:52
Server loaded: APR 1.5.1, APR-UTIL 1.5.4
Compiled using: APR 1.5.1, APR-UTIL 1.5.4
Architecture: 64-bit
Server MPM: event
  threaded: yes (fixed thread count)
  forked: yes (variable process count)
Server compiled with....
 -D APR_HAS_SENDFILE
 -D APR_HAS_MMAP
 -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
 -D APR_USE_SYSVSEM_SERIALIZE
 -D APR_USE_PTHREAD_SERIALIZE
 -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
 -D APR_HAS_OTHER_CHILD
 -D AP_HAVE_RELIABLE_PIPED_LOGS
 -D DYNAMIC_MODULE_LIMIT=256
 -D HTTPD_ROOT="/home/vagrant/apache/"
 -D SUEXEC_BIN="/home/vagrant/apache//bin/suexec"
 -D DEFAULT_PIDLOG="logs/httpd.pid"
 -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
 -D DEFAULT_ERRORLOG="logs/error_log"
 -D AP_TYPES_CONFIG_FILE="conf/mime.types"
 -D SERVER_CONFIG_FILE="conf/httpd.conf"

Alexey Melezhik
Hi Eric,

We've noticed a spike in tickets about RewriteRules no longer working after this patch. Granted, these rewrite rules look conspicuous, as in, they shouldn't work, or will result in looping, however we have enough reports of them that we think this might be a regression in behavior. We've verified these rewrites work before this patch, and now results in a ISE 500 / Max10Redirects after the patch.

Example of some rewrites that are now dead looping when they didn't previously:

==================================================
<IfModule mod_rewrite.c>
RewriteEngine Off
RewriteBase /blogg/
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^(.+) - [PT,L]
RewriteCond %{REQUEST_URI} !=/favicon.ico
RewriteRule ^(.*) index.php
RewriteCond %{HTTP:Authorization} !^$
RewriteRule .* - [E=REMOTE_USER:%{HTTP:Authorization}]
</IfModule>
==================================================
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule ^.*$ htaccess_tester.php
</IfModule>
==================================================
RewriteRule ^$ ?lang=IT [L]
==================================================
RewriteRule ^public public.php [L]
RewriteRule ^js.php js.php [L]
==================================================
RewriteRule ^(.+) - [PT,L]
==================================================
RewriteRule ^(.*) index.php
==================================================

Any thoughts on this?
(In reply to Jacob P from comment #8)
> We've noticed a spike in tickets about RewriteRules no longer working after
> this patch. Granted, these rewrite rules look conspicuous, as in, they
> shouldn't work, or will result in looping, however we have enough reports of
> them that we think this might be a regression in behavior. We've verified
> these rewrites work before this patch, and now results in a ISE 500 /
> Max10Redirects after the patch.

Sorry and thanks for the report. I think I now see what went wrong in the patch -- all different permutations of URLs, paths, and converted paths are handled in this block.

Here is a followup that restores the original check and uses a slightly different check at the last moment:

http://people.apache.org/~covener/patches/trunk-rewrite-deadloop2.diff

I am hoping you can try some of those failing ones.
(In reply to Alexey Melezhik from comment #7)
> Hi!
>
> ( https://github.com/melezhik/apache-swat - easy way to verify existed
> apache issues against your environment )
>
> Confirming this issue is resolved against my environment:
>
> vagrant@Debian-jessie-vagrant@Debian-jessie-amd64-netboot:~/my/apache-swat$
> swat -t 58854/
> /home/vagrant/.swat/.cache/9277/prove/58854/granted2/missing.txt/00.GET.t ..
> ok 1 - GET 127.0.0.1/58854/granted2/missing.txt succeeded
> # http headers saved to /home/vagrant/.swat/.cache/9277/prove/zCQKWtpYir.hdr
> # body saved to /home/vagrant/.swat/.cache/9277/prove/zCQKWtpYir
> ok 2 - output match '200 OK'
> ok 3 - output match 'goodbye world from root'
> 1..3
> ok
> /home/vagrant/.swat/.cache/9277/prove/58854/denied/missing.txt/00.GET.t ....
> ok 1 - GET 127.0.0.1/58854/denied/missing.txt succeeded
> # http headers saved to /home/vagrant/.swat/.cache/9277/prove/tj_HdkKgk5.hdr
> # body saved to /home/vagrant/.swat/.cache/9277/prove/tj_HdkKgk5
> ok 2 - output match '403 Forbidden'
> 1..2
> ok
> /home/vagrant/.swat/.cache/9277/prove/58854/granted/missing.txt/00.GET.t ...
> ok 1 - GET 127.0.0.1/58854/granted/missing.txt succeeded
> # http headers saved to /home/vagrant/.swat/.cache/9277/prove/Cmkh6umQP9.hdr
> # body saved to /home/vagrant/.swat/.cache/9277/prove/Cmkh6umQP9
> ok 2 - output match '200 OK'
> ok 3 - output match 'goodbye world from 58854/granted'
> 1..3
> ok
> All tests successful.
> Files=3, Tests=8, 1 wallclock secs ( 0.03 usr 0.00 sys + 0.14 cusr 0.01
> csys = 0.18 CPU)
> Result: PASS
>
>
>
> amd64-netboot:~/my/apache-swat$ sudo ~/apache/bin/apachectl -V
> Server version: Apache/2.4.18 (Unix)
> Server built: Jan 30 2016 10:17:37
> Server's Module Magic Number: 20120211:52
> Server loaded: APR 1.5.1, APR-UTIL 1.5.4
> Compiled using: APR 1.5.1, APR-UTIL 1.5.4
> Architecture: 64-bit
> Server MPM: event
> threaded: yes (fixed thread count)
> forked: yes (variable process count)
> Server compiled with....
> -D APR_HAS_SENDFILE
> -D APR_HAS_MMAP
> -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
> -D APR_USE_SYSVSEM_SERIALIZE
> -D APR_USE_PTHREAD_SERIALIZE
> -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
> -D APR_HAS_OTHER_CHILD
> -D AP_HAVE_RELIABLE_PIPED_LOGS
> -D DYNAMIC_MODULE_LIMIT=256
> -D HTTPD_ROOT="/home/vagrant/apache/"
> -D SUEXEC_BIN="/home/vagrant/apache//bin/suexec"
> -D DEFAULT_PIDLOG="logs/httpd.pid"
> -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
> -D DEFAULT_ERRORLOG="logs/error_log"
> -D AP_TYPES_CONFIG_FILE="conf/mime.types"
> -D SERVER_CONFIG_FILE="conf/httpd.conf"
>
>
> Alexey Melezhik

I think this particular test might be questionable. It doesn't fail when I revert the fix.
(In reply to Eric Covener from comment #10)
> (In reply to Alexey Melezhik from comment #7)
> > Hi!
> >
> > ( https://github.com/melezhik/apache-swat - easy way to verify existed
> > apache issues against your environment )
> >
> > Confirming this issue is resolved against my environment:
> >
> > vagrant@Debian-jessie-vagrant@Debian-jessie-amd64-netboot:~/my/apache-swat$
> > swat -t 58854/
> > /home/vagrant/.swat/.cache/9277/prove/58854/granted2/missing.txt/00.GET.t ..
> > ok 1 - GET 127.0.0.1/58854/granted2/missing.txt succeeded
> > # http headers saved to /home/vagrant/.swat/.cache/9277/prove/zCQKWtpYir.hdr
> > # body saved to /home/vagrant/.swat/.cache/9277/prove/zCQKWtpYir
> > ok 2 - output match '200 OK'
> > ok 3 - output match 'goodbye world from root'
> > 1..3
> > ok
> > /home/vagrant/.swat/.cache/9277/prove/58854/denied/missing.txt/00.GET.t ....
> > ok 1 - GET 127.0.0.1/58854/denied/missing.txt succeeded
> > # http headers saved to /home/vagrant/.swat/.cache/9277/prove/tj_HdkKgk5.hdr
> > # body saved to /home/vagrant/.swat/.cache/9277/prove/tj_HdkKgk5
> > ok 2 - output match '403 Forbidden'
> > 1..2
> > ok
> > /home/vagrant/.swat/.cache/9277/prove/58854/granted/missing.txt/00.GET.t ...
> > ok 1 - GET 127.0.0.1/58854/granted/missing.txt succeeded
> > # http headers saved to /home/vagrant/.swat/.cache/9277/prove/Cmkh6umQP9.hdr
> > # body saved to /home/vagrant/.swat/.cache/9277/prove/Cmkh6umQP9
> > ok 2 - output match '200 OK'
> > ok 3 - output match 'goodbye world from 58854/granted'
> > 1..3
> > ok
> > All tests successful.
> > Files=3, Tests=8, 1 wallclock secs ( 0.03 usr 0.00 sys + 0.14 cusr 0.01
> > csys = 0.18 CPU)
> > Result: PASS
> >
> >
> >
> > amd64-netboot:~/my/apache-swat$ sudo ~/apache/bin/apachectl -V
> > Server version: Apache/2.4.18 (Unix)
> > Server built: Jan 30 2016 10:17:37
> > Server's Module Magic Number: 20120211:52
> > Server loaded: APR 1.5.1, APR-UTIL 1.5.4
> > Compiled using: APR 1.5.1, APR-UTIL 1.5.4
> > Architecture: 64-bit
> > Server MPM: event
> > threaded: yes (fixed thread count)
> > forked: yes (variable process count)
> > Server compiled with....
> > -D APR_HAS_SENDFILE
> > -D APR_HAS_MMAP
> > -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
> > -D APR_USE_SYSVSEM_SERIALIZE
> > -D APR_USE_PTHREAD_SERIALIZE
> > -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
> > -D APR_HAS_OTHER_CHILD
> > -D AP_HAVE_RELIABLE_PIPED_LOGS
> > -D DYNAMIC_MODULE_LIMIT=256
> > -D HTTPD_ROOT="/home/vagrant/apache/"
> > -D SUEXEC_BIN="/home/vagrant/apache//bin/suexec"
> > -D DEFAULT_PIDLOG="logs/httpd.pid"
> > -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
> > -D DEFAULT_ERRORLOG="logs/error_log"
> > -D AP_TYPES_CONFIG_FILE="conf/mime.types"
> > -D SERVER_CONFIG_FILE="conf/httpd.conf"
> >
> >
> > Alexey Melezhik
>
> I think this particular test might be questionable. It doesn't fail when I
> revert the fix.

I think the problem is likely the "absolute" paths, which are / in the PR, need to be /58854/granted/...
(In reply to Eric Covener from comment #9)
> (In reply to Jacob P from comment #8)
> > We've noticed a spike in tickets about RewriteRules no longer working after
> > this patch. Granted, these rewrite rules look conspicuous, as in, they
> > shouldn't work, or will result in looping, however we have enough reports of
> > them that we think this might be a regression in behavior. We've verified
> > these rewrites work before this patch, and now results in a ISE 500 /
> > Max10Redirects after the patch.
>
> Sorry and thanks for the report. I think I now see what went wrong in the
> patch -- all different permutations of URLs, paths, and converted paths are
> handled in this block.
>
> Here is a followup that restores the original check and uses a slightly
> different check at the last moment:
>
> http://people.apache.org/~covener/patches/trunk-rewrite-deadloop2.diff
>
> I am hoping you can try some of those failing ones.

Our initial testing advises that the fix for rewrites looping works, but the original issue persists, that the RewriteRule ignores any Requires.
> Our initial testing advises that the fix for rewrites looping works, but the
> original issue persists, that the RewriteRule ignores any Requires.

I'm fairly sure I originally tested that case, with the regressing patch, but I can no longer get it to fail even with a vanilla 2.4.18. But I am now questioning whether I really did.

mod_rewrite specified in htaccess doesn't even run in the 'require all denied' case. Must be missing something.
(In reply to Eric Covener from comment #13)
> > Our initial testing advises that the fix for rewrites looping works, but the
> > original issue persists, that the RewriteRule ignores any Requires.
>
> I'm fairly sure I originally tested that case, with the regressing patch,
> but I can no longer get it to fail even with a vanilla 2.4.18. But I am now
> questioning whether I really did.
>
> mod_rewrite specified in htaccess doesn't even run in the 'require all
> denied' case. Must be missing something.

Something that fuels my doubts is how I worded the fix, wrt looping only. Can anyone share trace8 output for this failure on 2418:

Example of Apache 2.4.18 working incorrectly:
1. Create /home/cgihw/public_html/.htaccess:
     Require all denied
     RewriteEngine on
     RewriteRule .* goodbye.txt [L]
2. Remove file: rm -f /home/cgihw/public_html/403.shtml
3. Remove file: rm -f /home/cgihw/public_html/missing.txt
4. Create file: echo "goodbye world" > /home/cgihw/public_html/goodbye.txt
5. Navigate to http://cgihw.loc/missing.txt
6. Observe that you are incorrectly presented with the contents of goodbye.txt
7. Observe that the LimitInternalRecursion limit is never compared against
8. Observe that no Internal server error is presented to the user
(In reply to Eric Covener from comment #14)
> (In reply to Eric Covener from comment #13)
> > > Our initial testing advises that the fix for rewrites looping works, but the
> > > original issue persists, that the RewriteRule ignores any Requires.
> >
> > I'm fairly sure I originally tested that case, with the regressing patch,
> > but I can no longer get it to fail even with a vanilla 2.4.18. But I am now
> > questioning whether I really did.
> >
> > mod_rewrite specified in htaccess doesn't even run in the 'require all
> > denied' case. Must be missing something.
>
> Something that fuels my doubts is how I worded the fix, wrt looping only.
> Can anyone share trace8 output for this failure on 2418:
>
> Example of Apache 2.4.18 working incorrectly:
> 1. Create /home/cgihw/public_html/.htaccess:
> Require all denied
> RewriteEngine on
> RewriteRule .* goodbye.txt [L]
> 2. Remove file: rm -f /home/cgihw/public_html/403.shtml
> 3. Remove file: rm -f /home/cgihw/public_html/missing.txt
> 4. Create file: echo "goodbye world" > /home/cgihw/public_html/goodbye.txt
> 5. Navigate to http://cgihw.loc/missing.txt
> 6. Observe that you are incorrectly presented with the contents of
> goodbye.txt
> 7. Observe that the LimitInternalRecursion limit is never compared against
> 8. Observe that no Internal server error is presented to the user

Here's trace8 with a patched 2.4.18 (original patch provided by Eric, not the second):

[Mon Feb 29 16:09:18.805864 2016] [core:trace5] [pid 8692] protocol.c(616): [client 192.168.122.236:42428] Request received from client: GET /missing.txt HTTP/1.1
[Mon Feb 29 16:09:18.806118 2016] [http:trace4] [pid 8692] http_request.c(394): [client 192.168.122.236:42428] Headers received from client:
[Mon Feb 29 16:09:18.806135 2016] [http:trace4] [pid 8692] http_request.c(398): [client 192.168.122.236:42428] User-Agent: curl/7.29.0
[Mon Feb 29 16:09:18.806143 2016] [http:trace4] [pid 8692] http_request.c(398): [client 192.168.122.236:42428] Host: cgihw.tld
[Mon Feb 29 16:09:18.806150 2016] [http:trace4] [pid 8692] http_request.c(398): [client 192.168.122.236:42428] Accept: */*
[Mon Feb 29 16:09:18.806422 2016] [authz_core:debug] [pid 8692] mod_authz_core.c(809): [client 192.168.122.236:42428] AH01626: authorization result of Require all denied: denied
[Mon Feb 29 16:09:18.806447 2016] [authz_core:debug] [pid 8692] mod_authz_core.c(809): [client 192.168.122.236:42428] AH01626: authorization result of <RequireAny>: denied
[Mon Feb 29 16:09:18.806457 2016] [authz_core:error] [pid 8692] [client 192.168.122.236:42428] AH01630: client denied by server configuration: /home/cgihw/public_html/missing.txt
[Mon Feb 29 16:09:18.806478 2016] [core:trace3] [pid 8692] request.c(119): [client 192.168.122.236:42428] auth phase 'check access' gave status 403: /missing.txt
[Mon Feb 29 16:09:18.806560 2016] [rewrite:trace3] [pid 8692] mod_rewrite.c(476): [client 192.168.122.236:42428] 192.168.122.236 - - [cgihw.tld/sid#d9f9b8][rid#e570d8/initial/redir#1] [perdir /home/cgihw/public_html/] strip per-dir prefix: /home/cgihw/public_html/403.shtml -> 403.shtml
[Mon Feb 29 16:09:18.806578 2016] [rewrite:trace3] [pid 8692] mod_rewrite.c(476): [client 192.168.122.236:42428] 192.168.122.236 - - [cgihw.tld/sid#d9f9b8][rid#e570d8/initial/redir#1] [perdir /home/cgihw/public_html/] applying pattern '.*' to uri '403.shtml'
[Mon Feb 29 16:09:18.806599 2016] [rewrite:trace2] [pid 8692] mod_rewrite.c(476): [client 192.168.122.236:42428] 192.168.122.236 - - [cgihw.tld/sid#d9f9b8][rid#e570d8/initial/redir#1] [perdir /home/cgihw/public_html/] rewrite '403.shtml' -> 'goodbye.txt'
[Mon Feb 29 16:09:18.806626 2016] [rewrite:trace3] [pid 8692] mod_rewrite.c(476): [client 192.168.122.236:42428] 192.168.122.236 - - [cgihw.tld/sid#d9f9b8][rid#e570d8/initial/redir#1] [perdir /home/cgihw/public_html/] add per-dir prefix: goodbye.txt -> /home/cgihw/public_html/goodbye.txt
[Mon Feb 29 16:09:18.806642 2016] [rewrite:trace2] [pid 8692] mod_rewrite.c(476): [client 192.168.122.236:42428] 192.168.122.236 - - [cgihw.tld/sid#d9f9b8][rid#e570d8/initial/redir#1] [perdir /home/cgihw/public_html/] strip document_root prefix: /home/cgihw/public_html/goodbye.txt -> /goodbye.txt
[Mon Feb 29 16:09:18.806654 2016] [rewrite:trace1] [pid 8692] mod_rewrite.c(476): [client 192.168.122.236:42428] 192.168.122.236 - - [cgihw.tld/sid#d9f9b8][rid#e570d8/initial/redir#1] [perdir /home/cgihw/public_html/] internal redirect with /goodbye.txt [INTERNAL REDIRECT]
[Mon Feb 29 16:09:18.806742 2016] [rewrite:trace3] [pid 8692] mod_rewrite.c(476): [client 192.168.122.236:42428] 192.168.122.236 - - [cgihw.tld/sid#d9f9b8][rid#e5ac30/initial/redir#2] [perdir /home/cgihw/public_html/] strip per-dir prefix: /home/cgihw/public_html/goodbye.txt -> goodbye.txt
[Mon Feb 29 16:09:18.806757 2016] [rewrite:trace3] [pid 8692] mod_rewrite.c(476): [client 192.168.122.236:42428] 192.168.122.236 - - [cgihw.tld/sid#d9f9b8][rid#e5ac30/initial/redir#2] [perdir /home/cgihw/public_html/] applying pattern '.*' to uri 'goodbye.txt'
[Mon Feb 29 16:09:18.806770 2016] [rewrite:trace2] [pid 8692] mod_rewrite.c(476): [client 192.168.122.236:42428] 192.168.122.236 - - [cgihw.tld/sid#d9f9b8][rid#e5ac30/initial/redir#2] [perdir /home/cgihw/public_html/] rewrite 'goodbye.txt' -> 'goodbye.txt'
[Mon Feb 29 16:09:18.806781 2016] [rewrite:trace3] [pid 8692] mod_rewrite.c(476): [client 192.168.122.236:42428] 192.168.122.236 - - [cgihw.tld/sid#d9f9b8][rid#e5ac30/initial/redir#2] [perdir /home/cgihw/public_html/] add per-dir prefix: goodbye.txt -> /home/cgihw/public_html/goodbye.txt
[Mon Feb 29 16:09:18.806795 2016] [rewrite:trace1] [pid 8692] mod_rewrite.c(476): [client 192.168.122.236:42428] 192.168.122.236 - - [cgihw.tld/sid#d9f9b8][rid#e5ac30/initial/redir#2] [perdir /home/cgihw/public_html/] initial URL equal rewritten URL: /home/cgihw/public_html/goodbye.txt [IGNORING REWRITE]
[Mon Feb 29 16:09:18.806885 2016] [http:trace3] [pid 8692] http_filters.c(1006): [client 192.168.122.236:42428] Response sent with status 403, headers:
[Mon Feb 29 16:09:18.806898 2016] [http:trace5] [pid 8692] http_filters.c(1013): [client 192.168.122.236:42428] Date: Mon, 29 Feb 2016 16:09:18 GMT
[Mon Feb 29 16:09:18.806908 2016] [http:trace5] [pid 8692] http_filters.c(1016): [client 192.168.122.236:42428] Server: Apache
[Mon Feb 29 16:09:18.806917 2016] [http:trace4] [pid 8692] http_filters.c(835): [client 192.168.122.236:42428] Last-Modified: Mon, 29 Feb 2016 16:06:33 GMT
[Mon Feb 29 16:09:18.806925 2016] [http:trace4] [pid 8692] http_filters.c(835): [client 192.168.122.236:42428] Accept-Ranges: bytes
[Mon Feb 29 16:09:18.806931 2016] [http:trace4] [pid 8692] http_filters.c(835): [client 192.168.122.236:42428] Content-Length: 14
[Mon Feb 29 16:09:18.806938 2016] [http:trace4] [pid 8692] http_filters.c(835): [client 192.168.122.236:42428] Connection: close
[Mon Feb 29 16:09:18.806944 2016] [http:trace4] [pid 8692] http_filters.c(835): [client 192.168.122.236:42428] Content-Type: text/plain
[Mon Feb 29 16:09:18.806979 2016] [core:trace6] [pid 8692] core_filters.c(525): [client 192.168.122.236:42428] core_output_filter: flushing because of FLUSH bucket
[Mon Feb 29 16:09:18.807233 2016] [core:trace6] [pid 8692] core_filters.c(525): [client 192.168.122.236:42428] core_output_filter: flushing because of FLUSH bucket
Trace8 after new patch:

[Mon Feb 29 16:27:48.520428 2016] [core:trace5] [pid 18816] protocol.c(616): [client 192.168.122.236:42816] Request received from client: GET /missing.txt HTTP/1.1
[Mon Feb 29 16:27:48.520744 2016] [http:trace4] [pid 18816] http_request.c(394): [client 192.168.122.236:42816] Headers received from client:
[Mon Feb 29 16:27:48.520764 2016] [http:trace4] [pid 18816] http_request.c(398): [client 192.168.122.236:42816] User-Agent: curl/7.29.0
[Mon Feb 29 16:27:48.520773 2016] [http:trace4] [pid 18816] http_request.c(398): [client 192.168.122.236:42816] Host: cgihw.tld
[Mon Feb 29 16:27:48.520781 2016] [http:trace4] [pid 18816] http_request.c(398): [client 192.168.122.236:42816] Accept: */*
[Mon Feb 29 16:27:48.521090 2016] [authz_core:debug] [pid 18816] mod_authz_core.c(809): [client 192.168.122.236:42816] AH01626: authorization result of Require all denied: denied
[Mon Feb 29 16:27:48.521110 2016] [authz_core:debug] [pid 18816] mod_authz_core.c(809): [client 192.168.122.236:42816] AH01626: authorization result of <RequireAny>: denied
[Mon Feb 29 16:27:48.521118 2016] [authz_core:error] [pid 18816] [client 192.168.122.236:42816] AH01630: client denied by server configuration: /home/cgihw/public_html/missing.txt
[Mon Feb 29 16:27:48.521127 2016] [core:trace3] [pid 18816] request.c(119): [client 192.168.122.236:42816] auth phase 'check access' gave status 403: /missing.txt
[Mon Feb 29 16:27:48.521212 2016] [rewrite:trace3] [pid 18816] mod_rewrite.c(476): [client 192.168.122.236:42816] 192.168.122.236 - - [cgihw.tld/sid#1c22af8][rid#1c3f058/initial/redir#1] [perdir /home/cgihw/public_html/] strip per-dir prefix: /home/cgihw/public_html/403.shtml -> 403.shtml
[Mon Feb 29 16:27:48.521240 2016] [rewrite:trace3] [pid 18816] mod_rewrite.c(476): [client 192.168.122.236:42816] 192.168.122.236 - - [cgihw.tld/sid#1c22af8][rid#1c3f058/initial/redir#1] [perdir /home/cgihw/public_html/] applying pattern '.*' to uri '403.shtml'
[Mon Feb 29 16:27:48.521264 2016] [rewrite:trace2] [pid 18816] mod_rewrite.c(476): [client 192.168.122.236:42816] 192.168.122.236 - - [cgihw.tld/sid#1c22af8][rid#1c3f058/initial/redir#1] [perdir /home/cgihw/public_html/] rewrite '403.shtml' -> 'goodbye.txt'
[Mon Feb 29 16:27:48.521279 2016] [rewrite:trace3] [pid 18816] mod_rewrite.c(476): [client 192.168.122.236:42816] 192.168.122.236 - - [cgihw.tld/sid#1c22af8][rid#1c3f058/initial/redir#1] [perdir /home/cgihw/public_html/] add per-dir prefix: goodbye.txt -> /home/cgihw/public_html/goodbye.txt
[Mon Feb 29 16:27:48.521296 2016] [rewrite:trace2] [pid 18816] mod_rewrite.c(476): [client 192.168.122.236:42816] 192.168.122.236 - - [cgihw.tld/sid#1c22af8][rid#1c3f058/initial/redir#1] [perdir /home/cgihw/public_html/] strip document_root prefix: /home/cgihw/public_html/goodbye.txt -> /goodbye.txt
[Mon Feb 29 16:27:48.521310 2016] [rewrite:trace1] [pid 18816] mod_rewrite.c(476): [client 192.168.122.236:42816] 192.168.122.236 - - [cgihw.tld/sid#1c22af8][rid#1c3f058/initial/redir#1] [perdir /home/cgihw/public_html/] internal redirect with /goodbye.txt [INTERNAL REDIRECT]
[Mon Feb 29 16:27:48.521420 2016] [rewrite:trace3] [pid 18816] mod_rewrite.c(476): [client 192.168.122.236:42816] 192.168.122.236 - - [cgihw.tld/sid#1c22af8][rid#1c42bb0/initial/redir#2] [perdir /home/cgihw/public_html/] strip per-dir prefix: /home/cgihw/public_html/goodbye.txt -> goodbye.txt
[Mon Feb 29 16:27:48.521437 2016] [rewrite:trace3] [pid 18816] mod_rewrite.c(476): [client 192.168.122.236:42816] 192.168.122.236 - - [cgihw.tld/sid#1c22af8][rid#1c42bb0/initial/redir#2] [perdir /home/cgihw/public_html/] applying pattern '.*' to uri 'goodbye.txt'
[Mon Feb 29 16:27:48.521451 2016] [rewrite:trace2] [pid 18816] mod_rewrite.c(476): [client 192.168.122.236:42816] 192.168.122.236 - - [cgihw.tld/sid#1c22af8][rid#1c42bb0/initial/redir#2] [perdir /home/cgihw/public_html/] rewrite 'goodbye.txt' -> 'goodbye.txt'
[Mon Feb 29 16:27:48.521464 2016] [rewrite:trace3] [pid 18816] mod_rewrite.c(476): [client 192.168.122.236:42816] 192.168.122.236 - - [cgihw.tld/sid#1c22af8][rid#1c42bb0/initial/redir#2] [perdir /home/cgihw/public_html/] add per-dir prefix: goodbye.txt -> /home/cgihw/public_html/goodbye.txt
[Mon Feb 29 16:27:48.521479 2016] [rewrite:trace1] [pid 18816] mod_rewrite.c(476): [client 192.168.122.236:42816] 192.168.122.236 - - [cgihw.tld/sid#1c22af8][rid#1c42bb0/initial/redir#2] [perdir /home/cgihw/public_html/] initial URL equal rewritten URL: /home/cgihw/public_html/goodbye.txt [IGNORING REWRITE]
[Mon Feb 29 16:27:48.521561 2016] [http:trace3] [pid 18816] http_filters.c(1006): [client 192.168.122.236:42816] Response sent with status 403, headers:
[Mon Feb 29 16:27:48.521572 2016] [http:trace5] [pid 18816] http_filters.c(1013): [client 192.168.122.236:42816] Date: Mon, 29 Feb 2016 16:27:48 GMT
[Mon Feb 29 16:27:48.521581 2016] [http:trace5] [pid 18816] http_filters.c(1016): [client 192.168.122.236:42816] Server: Apache
[Mon Feb 29 16:27:48.521590 2016] [http:trace4] [pid 18816] http_filters.c(835): [client 192.168.122.236:42816] Last-Modified: Mon, 29 Feb 2016 16:06:33 GMT
[Mon Feb 29 16:27:48.521600 2016] [http:trace4] [pid 18816] http_filters.c(835): [client 192.168.122.236:42816] Accept-Ranges: bytes
[Mon Feb 29 16:27:48.521608 2016] [http:trace4] [pid 18816] http_filters.c(835): [client 192.168.122.236:42816] Content-Length: 14
[Mon Feb 29 16:27:48.521615 2016] [http:trace4] [pid 18816] http_filters.c(835): [client 192.168.122.236:42816] Connection: close
[Mon Feb 29 16:27:48.521622 2016] [http:trace4] [pid 18816] http_filters.c(835): [client 192.168.122.236:42816] Content-Type: text/plain
[Mon Feb 29 16:27:48.521662 2016] [core:trace6] [pid 18816] core_filters.c(525): [client 192.168.122.236:42816] core_output_filter: flushing because of FLUSH bucket
[Mon Feb 29 16:27:48.521934 2016] [core:trace6] [pid 18816] core_filters.c(525): [client 192.168.122.236:42816] core_output_filter: flushing because of FLUSH bucket
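
Added example (not part of the thread and not httpd code): both traces above log AH01630 for /missing.txt, then show the 403 error document (403.shtml) being rewritten to goodbye.txt before a 403 response with Content-Length 14 is sent. The Python sketch below scans error-log lines in that format and reports requests where an authorization denial is followed by such a rewrite; the function and variable names are hypothetical, and the second sample request is constructed as a control.

```python
import re

# Prefix of an httpd 2.4 error-log line as it appears in the traces above;
# the "file.c(NNN): " part is absent on some lines (e.g. AH01630).
LINE = re.compile(
    r"^\[[^\]]+\] \[(?P<mod>\w+):(?P<lvl>\w+)\] \[pid (?P<pid>\d+)\] "
    r"(?:\S+\(\d+\): )?\[client (?P<client>[^\]]+)\] (?P<msg>.*)$"
)
REQUEST = re.compile(r"Request received from client: (\S+) (\S+)")
DENIED = re.compile(r"AH01630: client denied by server configuration: (.+)")
REWRITE = re.compile(r" rewrite '([^']*)' -> '([^']*)'")
STATUS = re.compile(r"Response sent with status (\d+)")
LENGTH = re.compile(r"Content-Length: (\d+)")

# First request: abridged from the trace posted above (pid 8692).
# Second request (pid 8700): constructed control, denied with no rewrite.
SAMPLE_LOG = """\
[Mon Feb 29 16:09:18.805864 2016] [core:trace5] [pid 8692] protocol.c(616): [client 192.168.122.236:42428] Request received from client: GET /missing.txt HTTP/1.1
[Mon Feb 29 16:09:18.806457 2016] [authz_core:error] [pid 8692] [client 192.168.122.236:42428] AH01630: client denied by server configuration: /home/cgihw/public_html/missing.txt
[Mon Feb 29 16:09:18.806478 2016] [core:trace3] [pid 8692] request.c(119): [client 192.168.122.236:42428] auth phase 'check access' gave status 403: /missing.txt
[Mon Feb 29 16:09:18.806599 2016] [rewrite:trace2] [pid 8692] mod_rewrite.c(476): [client 192.168.122.236:42428] 192.168.122.236 - - [cgihw.tld/sid#d9f9b8][rid#e570d8/initial/redir#1] [perdir /home/cgihw/public_html/] rewrite '403.shtml' -> 'goodbye.txt'
[Mon Feb 29 16:09:18.806654 2016] [rewrite:trace1] [pid 8692] mod_rewrite.c(476): [client 192.168.122.236:42428] 192.168.122.236 - - [cgihw.tld/sid#d9f9b8][rid#e570d8/initial/redir#1] [perdir /home/cgihw/public_html/] internal redirect with /goodbye.txt [INTERNAL REDIRECT]
[Mon Feb 29 16:09:18.806770 2016] [rewrite:trace2] [pid 8692] mod_rewrite.c(476): [client 192.168.122.236:42428] 192.168.122.236 - - [cgihw.tld/sid#d9f9b8][rid#e5ac30/initial/redir#2] [perdir /home/cgihw/public_html/] rewrite 'goodbye.txt' -> 'goodbye.txt'
[Mon Feb 29 16:09:18.806885 2016] [http:trace3] [pid 8692] http_filters.c(1006): [client 192.168.122.236:42428] Response sent with status 403, headers:
[Mon Feb 29 16:09:18.806931 2016] [http:trace4] [pid 8692] http_filters.c(835): [client 192.168.122.236:42428] Content-Length: 14
[Mon Feb 29 16:10:00.000001 2016] [core:trace5] [pid 8700] protocol.c(616): [client 192.0.2.10:50000] Request received from client: GET /private.txt HTTP/1.1
[Mon Feb 29 16:10:00.000002 2016] [authz_core:error] [pid 8700] [client 192.0.2.10:50000] AH01630: client denied by server configuration: /home/cgihw/public_html/private.txt
[Mon Feb 29 16:10:00.000003 2016] [http:trace3] [pid 8700] http_filters.c(1006): [client 192.0.2.10:50000] Response sent with status 403, headers:
"""


def denied_but_rewritten(log_text):
    """Return one record per request that authz denied (AH01630) and whose
    follow-up processing was then rewritten by mod_rewrite to another name."""
    open_reqs = {}  # (pid, client) -> record of the request being assembled
    records = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a per-client error-log line
        key, msg = (m["pid"], m["client"]), m["msg"]
        if (r := REQUEST.search(msg)):
            rec = {"method": r[1], "uri": r[2], "denied_path": None,
                   "rewrites": [], "status": None, "length": None}
            open_reqs[key] = rec
            records.append(rec)
            continue
        rec = open_reqs.get(key)
        if rec is None:
            continue  # line belongs to a request whose start we never saw
        if (d := DENIED.search(msg)):
            rec["denied_path"] = d[1]
        elif (m["mod"] == "rewrite" and rec["denied_path"]
              and (w := REWRITE.search(msg))):
            if w[1] != w[2]:  # skip no-op rewrites such as a -> a
                rec["rewrites"].append((w[1], w[2]))
        elif (s := STATUS.search(msg)):
            rec["status"] = int(s[1])
        elif rec["status"] is not None and (c := LENGTH.search(msg)):
            rec["length"] = int(c[1])  # response header, not a request header
    return [r for r in records if r["denied_path"] and r["rewrites"]]


if __name__ == "__main__":
    for finding in denied_but_rewritten(SAMPLE_LOG):
        print(finding)
```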
Since we're having a difficult time duplicating the secondary issues, I am closing this bug. Thanks for your help Eric