httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From sl...@apache.org
Subject svn commit: r433005 - in /httpd/httpd/trunk/docs/manual/platform: windows.html.en windows.xml
Date Sun, 20 Aug 2006 18:48:25 GMT
Author: slive
Date: Sun Aug 20 11:48:24 2006
New Revision: 433005

URL: http://svn.apache.org/viewvc?rev=433005&view=rev
Log:
Add a note about case-sensitivity to the windows platform docs.
Partially in response to the disputed vulnerability:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4110

Modified:
    httpd/httpd/trunk/docs/manual/platform/windows.html.en
    httpd/httpd/trunk/docs/manual/platform/windows.xml

Modified: httpd/httpd/trunk/docs/manual/platform/windows.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/platform/windows.html.en?rev=433005&r1=433004&r2=433005&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/platform/windows.html.en (original)
+++ httpd/httpd/trunk/docs/manual/platform/windows.html.en Sun Aug 20 11:48:24 2006
@@ -227,6 +227,25 @@
       not backslashes. Drive letters can be used; if omitted, the drive
       with the Apache executable will be assumed.</p></li>
 
+      <li><p>While filenames are generally case-insensitive on
+      Windows, URLs are still treated internally as case-sensitive
+      before they are mapped to the filesystem.  For example, the
+      <code class="directive"><a href="../mod/core.html#location">&lt;Location&gt;</a></code>,
+      <code class="directive"><a href="../mod/mod_alias.html#alias">Alias</a></code>,
and <code class="directive"><a href="../mod/mod_proxy.html#proxypass">ProxyPass</a></code>
directives all use
+      case-sensitive arguments.  For this reason, it is particularly
+      important to use the <code class="directive"><a href="../mod/core.html#directory">&lt;Directory&gt;</a></code>
directive when attempting
+      to limit access to content in the filesystem, since this
+      directive applies to any content in a directory, regardless of
+      how it is accessed.  If you wish to assure that only lowercase
+      is used in URLs, you can use something like:</p>
+
+      <div class="example"><p><code>
+      RewriteEngine On<br />
+      RewriteMap lowercase int:tolower<br />
+      RewriteCond %{REQUEST_URI} [A-Z]<br />
+      RewriteRule (.*) ${lowercase:$1} [R,L]
+      </code></p></div></li>
+
       <li><p>Apache for Windows contains the ability to load modules at
       runtime, without recompiling the server. If Apache is compiled
       normally, it will install a number of optional modules in the

Modified: httpd/httpd/trunk/docs/manual/platform/windows.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/platform/windows.xml?rev=433005&r1=433004&r2=433005&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/platform/windows.xml (original)
+++ httpd/httpd/trunk/docs/manual/platform/windows.xml Sun Aug 20 11:48:24 2006
@@ -225,6 +225,27 @@
       not backslashes. Drive letters can be used; if omitted, the drive
       with the Apache executable will be assumed.</p></li>
 
+      <li><p>While filenames are generally case-insensitive on
+      Windows, URLs are still treated internally as case-sensitive
+      before they are mapped to the filesystem.  For example, the
+      <directive module="core" type="section">Location</directive>,
+      <directive module="mod_alias">Alias</directive>, and <directive
+      module="mod_proxy">ProxyPass</directive> directives all use
+      case-sensitive arguments.  For this reason, it is particularly
+      important to use the <directive module="core"
+      type="section">Directory</directive> directive when attempting
+      to limit access to content in the filesystem, since this
+      directive applies to any content in a directory, regardless of
+      how it is accessed.  If you wish to assure that only lowercase
+      is used in URLs, you can use something like:</p>
+
+      <example>
+      RewriteEngine On<br />
+      RewriteMap lowercase int:tolower<br />
+      RewriteCond %{REQUEST_URI} [A-Z]<br />
+      RewriteRule (.*) ${lowercase:$1} [R,L]
+      </example></li>
+
       <li><p>Apache for Windows contains the ability to load modules at
       runtime, without recompiling the server. If Apache is compiled
       normally, it will install a number of optional modules in the



Mime
View raw message