httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "William A. Rowe, Jr." <>
Subject Re: cvs commit: httpd-2.0/modules/mappers mod_negotiation.c
Date Mon, 06 Aug 2001 23:25:46 GMT
From: "Roy T. Fielding" <>
Sent: Monday, August 06, 2001 6:10 PM

> On Mon, Aug 06, 2001 at 10:42:59PM -0000, wrote:
> > wrowe       01/08/06 15:42:59
> > 
> >   Modified:    modules/mappers mod_negotiation.c
> >   Log:
> >     Thanks goes to Manoj, while commenting on another issue, for triggering
> >     this idea.  If we find files matching (e.g. index.html.bak matches
> >     index.html) but they are rejected because we don't understand them
> >     (e.g. they are a directory, or .bak isn't a mod_mime recognized extension)
> >     then Error 500 out of here, with a note for the system administrator
> >     explaining that index.html matches some files, but their extensions
> >     cannot be grokked.  No more (unintentional, or situational) autoindex :)
> The idea is fine, but we should be returning 404 Not Found in this case.
> 500 is too generic and we don't want the client to repeat the request
> thinking that it may succeed sometime soon.

I believe we want a 500, here's why...

A 404 error is far more likely to go 'unnoticed', although it's pretty obviously
a configuration error (why are we searching for indexes that are misconfigured?
If the admin wants to deny access, Options -Includes and leave DefaultIndex out.)

A 500 tell the admin, as well as the user, that we are in trouble, and something
needs to be fixed.  If you yell loud enough, the problem gets fixed.

Note this is an unusual error, but people do stumble across it.  A 404 would 
minimize the problem too far.

View raw message