Bug 60009 - A local path reduced from an absolute URL that matched a virtual host is not prefixed with the DocumentRoot
Summary: A local path reduced from an absolute URL that matched a virtual host is not ...
Status: RESOLVED FIXED
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: mod_rewrite (show other bugs)
Version: 2.5-HEAD
Hardware: PC Linux
: P2 normal (vote)
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
URL:
Keywords: FixedInTrunk, PatchAvailable
Depends on:
Blocks:
 
Reported: 2016-08-16 19:23 UTC by Hank Ibell
Modified: 2017-06-25 12:45 UTC (History)
1 user (show)



Attachments
Proposed patch (3.46 KB, patch)
2016-08-16 19:26 UTC, Hank Ibell
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Hank Ibell 2016-08-16 19:23:57 UTC
The problem is that if a substitution is an absolute URL that matched the current virtual host, the URL can be reduced to a local path.

For example, it is possible to access files from the /tmp directory with the following configuration:

<VirtualHost localhost:80>
    ...
    RewriteRule /file/(.*) http://localhost/tmp/$1
</VirtualHost>

To resolve this issue, the DocumentRoot can be prefixed to a local path if is has been reduced from an absolute URL.
Comment 1 Hank Ibell 2016-08-16 19:26:15 UTC
Created attachment 34156 [details]
Proposed patch
Comment 2 Eric Covener 2016-12-29 18:40:04 UTC
Fixed in trunk and will r1776463 and will nominate for backport shortly
Comment 3 Eric Covener 2017-06-25 12:45:15 UTC
2.4.26