Return-Path: Delivered-To: apmail-httpd-dev-archive@www.apache.org Received: (qmail 35296 invoked from network); 16 Dec 2008 00:10:51 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 16 Dec 2008 00:10:51 -0000 Received: (qmail 9471 invoked by uid 500); 16 Dec 2008 00:11:02 -0000 Delivered-To: apmail-httpd-dev-archive@httpd.apache.org Received: (qmail 9387 invoked by uid 500); 16 Dec 2008 00:11:01 -0000 Mailing-List: contact dev-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: dev@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list dev@httpd.apache.org Received: (qmail 9378 invoked by uid 99); 16 Dec 2008 00:11:01 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 15 Dec 2008 16:11:01 -0800 X-ASF-Spam-Status: No, hits=0.2 required=10.0 tests=RCVD_IN_DNSWL_LOW,SPF_NEUTRAL X-Spam-Check-By: apache.org Received-SPF: neutral (athena.apache.org: local policy) Received: from [209.237.226.90] (HELO hyperreal.org) (209.237.226.90) by apache.org (qpsmtpd/0.29) with SMTP; Tue, 16 Dec 2008 00:10:41 +0000 Received: (qmail 57012 invoked from network); 16 Dec 2008 00:10:07 -0000 Received: from localhost.hyperreal.org (HELO doubleshadow.eilebrecht.net) (127.0.0.1) by localhost.hyperreal.org with SMTP; 16 Dec 2008 00:10:07 -0000 Received: from localhost ([127.0.0.1]) by doubleshadow.eilebrecht.net with esmtp (Exim 4.67) (envelope-from ) id 1LCNVz-00062b-BL for dev@httpd.apache.org; Tue, 16 Dec 2008 01:10:19 +0100 Date: Tue, 16 Dec 2008 01:10:19 +0100 From: Lars Eilebrecht To: dev@httpd.apache.org Subject: Unexpected behavior of FilesMatch Message-ID: <20081216001019.GA21964@eilebrecht.net> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.5.17+20080114 (2008-01-14) X-Spam-Rating: localhost.hyperreal.org 1.6.2 0/1000/N X-Virus-Checked: Checked by ClamAV on apache.org Hi, I came across a strange/unexpected behavior of FilesMatch. Example config to reproduce the issue: Order Deny,Allow Deny from all Allow from all - requesting "/test/blah" returns a forbidden error, which is OK - requesting "/test/foo.bar" returns the file if it exists, which is OK - requesting "/test/is/here/foo.bar" returns the file if it exists, which is OK - requesting "/test/not/here/foo.bar" (with the directory "not" not existing) returns a forbidden error instead of a 404 error. In this case Apache walks up to "/usr/local/apache2/htdocs/test" and then uses "not" as the basename and matches the regex from FilesMatch against this. So using 'FilesMatch "not$"' would actually match and a 404 error is returned. FilesMatch is more about matching against actual files and not virtual URL paths, but I find it strange that "not" instead of "foo.bar" is used as the basename for the regex match. In most cases it probably doesn't matter if you get a 404 or a forbidden error, but once you start doing RewriteRule stuff the above can lead to unexpected results. Add the following RewriteRules to the directory section: RewriteRule ^/test/is/here/foo.bar$ /foo.bar [L] RewriteRule ^/test/not/here/foo.bar$ /foo.bar [L] - requesting "/test/is/here/foo.bar" redirects and returns the file /foo.bar - requesting "/test/not/here/foo.bar" redirects internally, but then returns a forbidden error. In this case Apache first matches the basename "not" *and* the basename "foo.bar" again the FilesMatch regex which fails ... Using 'FilesMatch "(not|bar)$"' would actually work in this case, but is not really something I would have expected. Tested with 2.0.63 and 2.2.11. ciao... -- Lars Eilebrecht lars@eilebrecht.net