tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 16759] New: - ISAPI_REDIRECTOR Handles %2F improperly
Date Tue, 04 Feb 2003 15:03:30 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=16759>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=16759

ISAPI_REDIRECTOR Handles %2F improperly

           Summary: ISAPI_REDIRECTOR Handles %2F improperly
           Product: Tomcat 4
           Version: 4.1.7
          Platform: PC
        OS/Version: Windows NT/2K
            Status: NEW
          Severity: Critical
          Priority: Other
         Component: Connector:Coyote JK 2
        AssignedTo: tomcat-dev@jakarta.apache.org
        ReportedBy: marcus.kellermann@bentley.com


If an IIS server with ISAPI_Redirector2.dll loads recieves a URL with a %2F 
(URLEncoding for /) it improperly handles it.  An "Access forbidden: You don't 
have permissions to access the requested object. It is either read-protected or 
not readable by the server" message is returned.  It doesn't matter if the 
ISAPI filter is configured to use that URL or not

The URL syntax looks like http://localhost/test%2F/test.htm

Note: in this case the test doesn't exist in the redirector2.properties file

If you remove the isapi filter the request it processed correctly.

In the jk2.log file I see

[Tue Feb 04 09:49:47 2003] (emerg ) [jk_isapi_plugin.c (324)]  HttpFilterProc 
[/test/test.htm] contains forbidden escape sequences.

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org


Mime
View raw message