httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Roy T. Fielding" <>
Subject Re: off subject .. in URLs
Date Wed, 24 Mar 1999 04:52:36 GMT
WTF?  I thought we fixed this years ago.

    % telnet 80
    Connected to
    Escape character is '^]'.
    GET /dist/../index.html HTTP/1.0

    HTTP/1.1 200 OK
    Date: Wed, 24 Mar 1999 04:45:09 GMT
    Server: Apache/1.3.5-dev (Unix) PHP/3.0.6
    Cache-Control: max-age=86400
    Expires: Thu, 25 Mar 1999 04:45:09 GMT
    Connection: close
    Content-Type: text/html

It is supposed to be returning a 301 redirect, not a 200.

>Is dot dot support a function of the browser, the server, neither (as
>defined in an RFC), or both ?

It is only "special" when used at the front of a relative URI, within the
browser.  We should be externally redirecting the request, since this
just results in an infinite number of URLs for every resource.


View raw message