httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 20203] New: - Bug in ErrorDocument 404 Handling
Date Sat, 24 May 2003 11:46:57 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=20203>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=20203

Bug in ErrorDocument 404 Handling

           Summary: Bug in ErrorDocument 404 Handling
           Product: Apache httpd-1.3
           Version: 1.3.27
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: Critical
          Priority: Other
         Component: core
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: fs@nessus.at


Hi there!

Yesterday i found a very critical bug in the ErrorDocument 404 Feature.
If you have a 404 Error on a Page the ErrorDocument Handler opens a file 
defined in the Apache Config or in a .htaccess file. This works fine so far.

But now the Problem:
If the Error Page which is requested is a php file with includes another file 
which doesnt exist on the server it gets another 404 and tries to request the 
error file again and again and again... this causes a very high server load and 
apache gets very slow.

in the access log it looks like this:
<remote client ip> - - [23/May/2003:20:20:22 +0200] "GET /<a file which doesnt 
exist> HTTP/1.0" 404 6133 "-" "Googlebot/2.1
<ip of the server itself> - - [23/May/2003:20:20:22 +0200] "GET /<the file 
which gets included in the php file> HTTP/1.0" 200 5561 "-" "-"
<ip of the server itself> - - [23/May/2003:20:20:22 +0200] "GET /<the file 
which gets included in the php file> HTTP/1.0" 200 5561 "-" "-"
<ip of the server itself> - - [23/May/2003:20:20:22 +0200] "GET /<the file 
which gets included in the php file> HTTP/1.0" 200 5561 "-" "-"
<ip of the server itself> - - [23/May/2003:20:20:22 +0200] "GET /<the file 
which gets included in the php file> HTTP/1.0" 200 5561 "-" "-"

and so on.

you can see that first comes the 404 error, then the server opens the 
errordocument and runs amok with the include of another php file.

i hope i described the bug comprehensible,

greetings,

Florian Schicker

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message