www-apache-bugdb mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dave Silon <dav...@holycamel.com>
Subject general/8625: Redirect Command In .htaccess Drops Concurrent Requests From The Same Client
Date Sat, 27 Oct 2001 16:44:26 GMT

>Number:         8625
>Category:       general
>Synopsis:       Redirect Command In .htaccess Drops Concurrent Requests From The Same
Client
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    apache
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Mon Oct 29 00:00:01 PST 2001
>Closed-Date:
>Last-Modified:
>Originator:     daveys@holycamel.com
>Release:        1.3.22
>Organization:
apache
>Environment:
uname result: Linux 2.4.2-2 #7 i686
Distribution: RedHat 7.1
gcc version 2.96 20000731 (RedHat Linux 7.1 2.96-85)
Processor: Athlon 1.4GHz, 266FSB
RAM:768Mb
(Motherboard Epox 8KTA3+)
>Description:
When simultaneous accesses occur that are supposed to be processed by the Redirect command,
the first one will be processed, and others with the same timestamp will get through.  I would
expect that this problem also occurs with RedirectMatch,although I have not tried it.

Redirect commands I am using in .htaccess:
Redirect /scripts http://www.WindowsIdiots.invalid
Redirect /winnt http://www.WindowsIdiots.invalid
Redirect /nt http://www.WindowsIdiots.invalid
Redirect /win_nt http://www.WindowsIdiots.invalid
Redirect /system32 http://www.WindowsIdiots.invalid
Redirect /MSADC http://www.WindowsIdiots.invalid
Redirect /msadc http://www.WindowsIdiots.invalid
Redirect /c http://www.WindowsIdiots.invalid
Redirect /d http://www.WindowsIdiots.invalid
Redirect /_mem_bin http://www.WindowsIdiots.invalid
Redirect /_vti_bin http://www.WindowsIdiots.invalid

Results from the log:
66.17.32.198 - - [27/Oct/2001:08:53:30 -0700] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir
HTTP/1.0" 302 321
66.17.32.198 - - [27/Oct/2001:08:53:30 -0700] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir
HTTP/1.0" 404 300
66.17.32.198 - - [27/Oct/2001:08:53:30 -0700] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir
HTTP/1.0" 302 321
66.17.32.198 - - [27/Oct/2001:08:53:31 -0700] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir
HTTP/1.0" 302 321
66.17.32.198 - - [27/Oct/2001:08:53:31 -0700] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir
HTTP/1.0" 400 284
66.17.32.198 - - [27/Oct/2001:08:53:31 -0700] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir
HTTP/1.0" 400 284
66.17.32.198 - - [27/Oct/2001:08:53:31 -0700] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir
HTTP/1.0" 302 320
66.17.32.198 - - [27/Oct/2001:08:53:32 -0700] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir
HTTP/1.0" 302 320
66.17.32.198 - - [27/Oct/2001:09:08:22 -0700] "GET /scripts/root.exe?/c+dir HTTP/1.0" 302
296
66.17.32.198 - - [27/Oct/2001:09:08:22 -0700] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 302 294
66.17.32.198 - - [27/Oct/2001:09:08:22 -0700] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0"
302 304
66.17.32.198 - - [27/Oct/2001:09:08:23 -0700] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0"
302 304
66.17.32.198 - - [27/Oct/2001:09:08:23 -0700] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir
HTTP/1.0" 302 320
66.17.32.198 - - [27/Oct/2001:09:08:23 -0700] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
HTTP/1.0" 302 341
66.17.32.198 - - [27/Oct/2001:09:08:24 -0700] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
HTTP/1.0" 302 341
66.17.32.198 - - [27/Oct/2001:09:08:24 -0700] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir
HTTP/1.0" 302 369
66.17.32.198 - - [27/Oct/2001:09:08:24 -0700] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir
HTTP/1.0" 302 321
66.17.32.198 - - [27/Oct/2001:09:08:24 -0700] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir
HTTP/1.0" 404 300
66.17.32.198 - - [27/Oct/2001:09:08:24 -0700] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir
HTTP/1.0" 302 321
66.17.32.198 - - [27/Oct/2001:09:08:25 -0700] "GET /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir
HTTP/1.0" 302 321
66.17.32.198 - - [27/Oct/2001:09:08:25 -0700] "GET /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir
HTTP/1.0" 400 284
66.17.32.198 - - [27/Oct/2001:09:08:25 -0700] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir
HTTP/1.0" 400 284
66.17.32.198 - - [27/Oct/2001:09:08:25 -0700] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir
HTTP/1.0" 302 320
66.17.32.198 - - [27/Oct/2001:09:08:25 -0700] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir
HTTP/1.0" 302 320

As you can see, the initial request of group of simultaneous requests, gets 302'd, but a following
one will either get a 400 or 404.  They should ALL be redirected (302).  I have classified
this as a serious problem since the server fails to perform an important function.  Although
I am using it for trying to help cut down the stupid virus bandwidth usage, other uses on
directories for high traffic servers could cause the redirect to fail.
>How-To-Repeat:
1. Set up a server and give it a public DNS entry
2. Set up an .htaccess file with redirect for the windows virus as above
3. Wait for the accesses to come in (about a millisecond ;-) )

Suggestion for Generalized Testing:
This problem may be related to simultaneous requests from a single client.  Redirect may work
OK when the simultaneous accesses are from unique clients, but I have no way of testing that.
>Fix:
Look for a hole in the request processing queue for multiple calls matching the redirect criteria
from a single client, and check to make sure that it is not a problem with unique clients.
 It seems like there is something with the Redirect where handling is ending up being modal
which allows some requests to get through.
>Release-Note:
>Audit-Trail:
>Unformatted:
 [In order for any reply to be added to the PR database, you need]
 [to include <apbugs@Apache.Org> in the Cc line and make sure the]
 [subject line starts with the report component and number, with ]
 [or without any 'Re:' prefixes (such as "general/1098:" or      ]
 ["Re: general/1098:").  If the subject doesn't match this       ]
 [pattern, your message will be misfiled and ignored.  The       ]
 ["apbugs" address is not added to the Cc line of messages from  ]
 [the database automatically because of the potential for mail   ]
 [loops.  If you do not include this Cc, your reply may be ig-   ]
 [nored unless you are responding to an explicit request from a  ]
 [developer.  Reply only with text; DO NOT SEND ATTACHMENTS!     ]
 
 


Mime
View raw message