httpd-docs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Eric Covener <>
Subject Re: "RewriteRule ... /$1" considered harmful
Date Mon, 02 May 2011 04:04:58 GMT
On Sun, May 1, 2011 at 10:40 PM, Eric Covener <> wrote:
>> - Create new directives RewriteToPath, RewriteToURL that don't do guessing.
>> - Document clearly the problems that may be caused by the guessing
>> behaviour of RewriteRule. Maybe even mark RewriteRule as deprecated in
>> 2.4.
> another one on users@, +1 to this approach and strong advice in the
> manual to use one of the other flavors.
> Rewriterule in per-server context could emit a once-per-restart
> warning if it interprets a substitution as a filesystem path.  If it
> triggers a 403 from <Directory /> inadvertently, it will precede the
> "permission denied by server configuration" in the error log.

I took a pass at the doc to make the stuff we're discussing a bit more
explicit which might help the discussion/deprecation too.

I think the DocumentRoot-relative substitution should not be preserved
in the RewriteToURL -- seems like an unnecessary complication.  IMO
RewriteToURL implies PT just like per-directory, however this comes
with some baggage -- exposing yourself to loops and losing the
intuitive use of the  L flag.

Eric Covener

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message