httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Lars Eilebrecht <>
Subject Unexpected behavior of FilesMatch
Date Tue, 16 Dec 2008 00:10:19 GMT

I came across a strange/unexpected behavior of FilesMatch.

Example config to reproduce the issue:

  <Directory /usr/local/apache2/htdocs/test>
  Order Deny,Allow
  Deny from all
    <FilesMatch "bar$">  
    Allow from all  

- requesting "/test/blah" returns a forbidden error, which is OK
- requesting "/test/" returns the file if it exists, which is OK
- requesting "/test/is/here/" returns the file if it exists, 
  which is OK
- requesting "/test/not/here/" (with the directory "not"
  not existing) returns a forbidden error instead of a 404 error.
  In this case Apache walks up to "/usr/local/apache2/htdocs/test" and
  then uses "not" as the basename and matches the regex from FilesMatch
  against this. So using 'FilesMatch "not$"' would actually match and a
  404 error is returned.

FilesMatch is more about matching against actual files and not virtual
URL paths, but I find it strange that "not" instead of "" is
used as the basename for the regex match.

In most cases it probably doesn't matter if you get a 404 or a forbidden
error, but once you start doing RewriteRule stuff the above can lead to
unexpected results.

Add the following RewriteRules to the directory section:

  RewriteRule ^/test/is/here/$ / [L] 
  RewriteRule ^/test/not/here/$ / [L] 

- requesting "/test/is/here/" redirects and returns the file /
- requesting "/test/not/here/" redirects internally, but then returns
  a forbidden error.
  In this case Apache first matches the basename "not" *and* the basename 
  "" again the FilesMatch regex which fails ... 
  Using 'FilesMatch "(not|bar)$"' would actually work in this case, but
  is not really something I would have expected.

Tested with 2.0.63 and 2.2.11.

Lars Eilebrecht

View raw message