httpd-dev mailing list archives

From Stefan Fritsch ...@sfritsch.de>
Subject Re: "RewriteRule ... /$1" considered harmful
Date Wed, 06 Jul 2011 18:53:31 GMT
On Monday 02 May 2011, Eric Covener wrote:
> On Sun, May 1, 2011 at 10:40 PM, Eric Covener <covener@gmail.com> wrote:
> >> - Create new directives RewriteToPath, RewriteToURL that don't
> >>   do guessing.
> >> - Document clearly the problems that may be caused
> >>   by the guessing behaviour of RewriteRule. Maybe even mark
> >>   RewriteRule as deprecated in 2.4.
> > 
> > another one on users@, +1 to this approach and strong advice in
> > the manual to use one of the other flavors.
> > 
> > RewriteRule in per-server context could emit a once-per-restart
> > warning if it interprets a substitution as a filesystem path.  If
> > it triggers a 403 from <Directory /> inadvertently, it will
> > precede the "permission denied by server configuration" in the
> > error log.
> 
> I took a pass at the doc to make the stuff we're discussing a bit
> more explicit which might help the discussion/deprecation too.
> 
> http://people.apache.org/~covener/patches/rewrite-substitution_clarity.diff
> 
> I think the DocumentRoot-relative substitution should not be
> preserved in the RewriteToURL -- seems like an unnecessary
> complication.  IMO RewriteToURL implies PT just like
> per-directory, however this comes with some baggage -- exposing
> yourself to loops and losing the intuitive use of the L flag.

Because Eric asked on IRC: I am currently preferring to do this after 
2.4.0 for the following reason:

I also wanted mod_rewrite to be smarter about what prefix to prepend 
in directory context, now that we have the context prefix / context 
document root info available from mod_alias/mod_userdir. But since 
this will not be quite backward compatible, I thought it would be a 
good idea to bundle this change with RewriteToURL/RewriteToFile. 
RewriteRule would then keep behaving exactly as it does now, and the 
new directives would behave somewhat differently. This should make 
inclusion in a 2.4.1+ release painless.

Getting the behaviour in directory context right will need some 
thought and a lot of testing. Therefore I don't want to rush this into 
2.4.0.
