httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 50746] New: change in behaviour in 2.2.16 when using mod_rewrite and env=
Date Wed, 09 Feb 2011 17:56:38 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=50746

           Summary: change in behaviour in 2.2.16 when using mod_rewrite
                    and env=
           Product: Apache httpd-2
           Version: 2.2.16
          Platform: PC
        OS/Version: Solaris
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_rewrite
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: Conor@kerna.ie


I am using mod_rewrite to set/unset variables, these are later checked
in Allow directives:

  RewriteMap nonfob txt:/usr/local/apache2/conf/nonfob

  RewriteCond ${nonfob:%{REMOTE_ADDR}} _ok_
  RewriteRule (.*)       -    [env=nonfobaccess:1,env=nokeepalive]

  RewriteCond  ${nonfob:%{REMOTE_ADDR}}  ^$
  RewriteRule (.*)       -   [env=nonfobaccess,env=nokeepalive:1]

  ...

  Order                 Allow,Deny
  Allow from            env=nonfobaccess

This works until 2.2.15, but as of 2.2.16 there is a change [Rainer Jung] 
in mod_rewrite which sets the variable to an empty value, rather than removing
or unsetting it.
As of 2.2.16 both of these forms set the variable with an "empty" value:
  env=nonfobaccess
  env=nonfobaccess:

Here's an (abridged) rewrite log from 2.2.15:
(5) cache lookup OK: map=nonfob[txt] key=10.0.0.10 -> val= 
(4) RewriteCond: input='' pattern='^$' => matched
(5) setting env variable 'nokeepalive' to '1'

and from 2.2.16:
(5) cache lookup OK: map=nonfob[txt] key=10.0.0.10 -> val=
(4) RewriteCond: input='' pattern='^$' => matched
(5) setting env variable 'nonfobaccess' to ''
(5) setting env variable 'nokeepalive' to '1'

This means that the "Allow from env=..."  no longer has the same effect as 
the variable now always exists. There seems no longer to be a way to unset a
variable with mod_rewrite (until the patch for bug 49512 is backported...)

In this case "Allow" + "Satisfy Any" is being used to bypass basic auth,
so I cannot use extra "Deny" directives.

I'm currently using "Unsetenv" with modified rewrite rules as a partial
work-around, but I cannot fix nokeepalive with mod_rewrite.

This change means that no-cache, no-gzip and nokeeplive and other "special 
purpose" vairable can no longer be conditionally unset using mod_write.

So: I would like to request backporting "env=!variable" to 2.2.x (or 
allowing "env=variable" and "env=variable:" to do different things).

(I acknowledge that the behaviour I am relying on is undocumented, but
I suggest also that the change in behaviour be clarified in the 2.2
documentation, if you think that is appropriate.)

-C

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message