RewriteRule works on Apache 1.3, but not 2.2

Forum Moderators: phranque

Message Too Old, No Replies

RewriteRule works on Apache 1.3, but not 2.2

michal_eu

9:08 pm on Oct 1, 2006 (gmt 0)

So I have the following rule:

RewriteRule ^abc/$ ../domain.com/abc/def/?hl=de [L,QSA]

It works on my local Apache 1.3, but doesn't work on my dedicated Apache 2.2.2. It's giving me the following error message:

Bad Request
Your browser sent a request that this server could not understand.

Does anybody know why?

The paths are exactly the same on the both servers.

jdMorgan

9:58 pm on Oct 1, 2006 (gmt 0)

Check your server error log -- Your rule looks like it will loop, adding a new copy of the query string each time. Eventually the requested URL will exceed the allowable length limit, which will give a 400 error.

Also, your server should not allow rewriting above the Document root. If it does so, that is a potentially-serious security problem.

Jim

michal_eu

6:31 am on Oct 2, 2006 (gmt 0)

Hi Jim,

thanks for the quick reply.

All I'm getting from the error log is this:

[Mon Oct 02 08:27:46 2006] [error] [client #*$!.#*$!.#*$!.#*$!] Invalid URI in request GET /abc/ HTTP/1.1
[Mon Oct 02 08:27:46 2006] [error] [client #*$!.#*$!.#*$!.#*$!] File does not exist: /home/www/sub1.domain.com/favicon.ico

I don't think it's a loop, because the RewriteRule is written in the .htaccess of /home/www/sub1.domain.com/, and I'm trying to access /home/www/domain.com/ from it.

All I actually need is reading above the Document root. Is this still a security flaw if I'm the only person that is using this server? Is there a way to only allow it to individual directories?