httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Slawomir Jasek <sla...@slawek.eisp.pl>
Subject [users@httpd] mod_actions + mod_rewrite = DoS
Date Sat, 19 Oct 2002 22:49:44 GMT
I've been testing the following configuration:

Linux i686 2.4.19
Apache 1.3.27
included modules: mod_actions, mod_alias, mod_mime and mod_rewrite

The most interesting lines of my httpd.conf:

AddType application/x-httpd-php .php
ScriptAlias /shared-cgi/ /home/httpd/html/shared-cgi
Action application/x-httpd-php /shared-cgi/php

RewriteEngine On
RewriteLog "/var/log/httpd/rewrite_log"
RewriteLogLevel 9
RewriteRule !\.(gif|css|jpg|png|jar|swf)$ /home/httpd/html/index.php


after entering  e.g. http://localhost/aaa.aaa apache falls into endless
loop

rewrite_log looks like:

127.0.0.1 - - [19/Oct/2002:22:48:40 +0200] [myserver.mydomain/sid#8086208][rid#80a57b0/initial]
(2) init rewrite engine with requested uri /aaa.aaa
127.0.0.1 - - [19/Oct/2002:22:48:40 +0200] [myserver.mydomain/sid#8086208][rid#80a57b0/initial]
(3) applying pattern '\.(gif|css|jpg|png|jar|swf)$' to uri '/aaa.aaa' 
127.0.0.1 - - [19/Oct/2002:22:48:40 +0200] [myserver.mydomain/sid#8086208][rid#80a57b0/initial]
(2) rewrite /aaa.aaa -> /home/httpd/html/index.php
127.0.0.1 - - [19/Oct/2002:22:48:40 +0200] [myserver.mydomain/sid#8086208][rid#80a57b0/initial]
(2) local path result: /home/httpd/html/index.php
127.0.0.1 - - [19/Oct/2002:22:48:40 +0200] [myserver.mydomain/sid#8086208][rid#80a57b0/initial]
(1) go-ahead with /home/httpd/html/index.php [OK]
127.0.0.1 - - [19/Oct/2002:22:48:40 +0200] [myserver.mydomain/sid#8086208][rid#80a7c20/initial/redir#1]
(2) init rewrite engine with requested uri /shared-cgi/php/aaa.aaa
127.0.0.1 - - [19/Oct/2002:22:48:40 +0200] [myserver.mydomain/sid#8086208][rid#80a7c20/initial/redir#1]
(3) applying pattern '\.(gif|css|jpg|png|jar|swf)$' to uri '/shared-cgi/php/aaa.aaa'
127.0.0.1 - - [19/Oct/2002:22:48:40 +0200] [myserver.mydomain/sid#8086208][rid#80a7c20/initial/redir#1]
(2) rewrite /shared-cgi/php/aaa.aaa -> /home/httpd/html/index.php
127.0.0.1 - - [19/Oct/2002:22:48:40 +0200] [myserver.mydomain/sid#8086208][rid#80a7c20/initial/redir#1]
(2) local path result: /home/httpd/html/index.php
127.0.0.1 - - [19/Oct/2002:22:48:40 +0200] [myserver.mydomain/sid#8086208][rid#80a7c20/initial/redir#1]
(1) go-aheadwith /home/httpd/html/index.php [OK]

...

127.0.0.1 - - [19/Oct/2002:22:48:47 +0200]
[myserver.mydomain/sid#8086208][rid#84a37f8/initial/redir#89] (2) init rewrite engine with
requested uri /shared-cgi/php/shared-cgi/php/shared-cgi/php/shared-cgi/php/shared-cgi/php/shared-cgi/php/shared-cgi/php/shared-cgi/php/shared-cgi/php/shared-cgi/php/shared-cgi/php/shared-cgi/php/shared-cgi/php/shared-cgi/php/shared-cgi/php/shared-cgi/php/shared-cgi/php/shared-cgi/php/shared-cgi/php/shared-cgi/php/shared-cgi/php/shared-cgi/php/shared-cgi/php/shared-cgi/php/shared-cgi/php/shared-cgi/php/shared-cgi/php/shared-cgi/php/shared-cgi/php/shared-cgi/php/shared-cgi/php/shared-cgi/php/shared-cgi/php/shared-cgi/php/shared-cgi/php/shared-cgi/php/shared-cgi/php/shared-cgi/php/shared-cgi/php/usr

...

in a moment apache eats all of system resources (esp. memory), and 
rewrite_log gets huge.

It looks for me as a bug, but I couldn't debug it somehow so far...

I have tested this configuration on a few older releases of Apache, with 
the same result. The same happens of course with other AddType, and even 
without ScriptAlias. I also tried other RewriteRule's - nothing changed.


Slawek Jasek.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message