httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Roy T. Fielding" <field...@kiwi.ics.uci.edu>
Subject Re: off subject .. in URLs
Date Wed, 24 Mar 1999 04:52:36 GMT
WTF?  I thought we fixed this years ago.

    % telnet www.apache.org 80
    Trying 209.133.83.18...
    Connected to www.apache.org.
    Escape character is '^]'.
    GET /dist/../index.html HTTP/1.0

    HTTP/1.1 200 OK
    Date: Wed, 24 Mar 1999 04:45:09 GMT
    Server: Apache/1.3.5-dev (Unix) PHP/3.0.6
    Cache-Control: max-age=86400
    Expires: Thu, 25 Mar 1999 04:45:09 GMT
    Connection: close
    Content-Type: text/html
    
    ...

It is supposed to be returning a 301 redirect, not a 200.

>Is dot dot support a function of the browser, the server, neither (as
>defined in an RFC), or both ?

It is only "special" when used at the front of a relative URI, within the
browser.  We should be externally redirecting the request, since this
just results in an infinite number of URLs for every resource.

....Roy

Mime
View raw message