httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Yehuda Katz <yeh...@ymkatz.net>
Subject Re: [users@httpd] index.php ist used (internally) when /index.php/ is requested
Date Sun, 16 Nov 2014 21:40:36 GMT
As far as I know, the default has not changed since the directive was
introduced:
DefaultThe treatment of requests with trailing pathname information is
determined by the handler
<http://httpd.apache.org/docs/2.4/handler.html> responsible
for the request. The core handler for normal files defaults to rejecting
PATH_INFO requests. Handlers that serve scripts, such as cgi-script
<http://httpd.apache.org/docs/2.4/mod/mod_cgi.html> and isapi-handler
<http://httpd.apache.org/docs/2.4/mod/mod_isapi.html>, generally accept
PATH_INFO by default.

On Thu, Nov 13, 2014 at 11:45 AM, Christoph Gröver <grover@sitepark.com>
wrote:

>
> Hello list,
>
> > This is usually the intended behavior. Many PHP frameworks use
> > PATH_INFO to handle requests.
> >
> > See the documentation for AcceptPathInfo:
> > http://httpd.apache.org/docs/current/mod/core.html#acceptpathinfo
>
> Thanks Yehuda. I see why this is being used. Is this the default for
> a long time?
> Last time I checked the use of trailing slashes or other nonsense
> to bypass security features it didn't work.
>
> I run a module which should restrict the use of certain URLs, so I
> think I have to prevent this configuration somehow.
>
> Thanks for the link.
> Greetings
>
> --
> Christoph Gröver
>

Mime
View raw message