httpd-docs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Eric Covener <cove...@gmail.com>
Subject Re: "RewriteRule ... /$1" considered harmful
Date Mon, 02 May 2011 04:04:58 GMT
On Sun, May 1, 2011 at 10:40 PM, Eric Covener <covener@gmail.com> wrote:
>> - Create new directives RewriteToPath, RewriteToURL that don't do guessing.
>> - Document clearly the problems that may be caused by the guessing
>> behaviour of RewriteRule. Maybe even mark RewriteRule as deprecated in
>> 2.4.
>>
>
> another one on users@, +1 to this approach and strong advice in the
> manual to use one of the other flavors.
>
> Rewriterule in per-server context could emit a once-per-restart
> warning if it interprets a substitution as a filesystem path.  If it
> triggers a 403 from <Directory /> inadvertently, it will precede the
> "permission denied by server configuration" in the error log.
>

I took a pass at the doc to make the stuff we're discussing a bit more
explicit which might help the discussion/deprecation too.

http://people.apache.org/~covener/patches/rewrite-substitution_clarity.diff

I think the DocumentRoot-relative substitution should not be preserved
in the RewriteToURL -- seems like an unnecessary complication.  IMO
RewriteToURL implies PT just like per-directory, however this comes
with some baggage -- exposing yourself to loops and losing the
intuitive use of the  L flag.

-- 
Eric Covener
covener@gmail.com

---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org


Mime
View raw message