2014-11-19 23:24:57 |
Matthias Ferdinand |
bug |
|
|
added bug |
2015-03-18 14:45:23 |
Elger |
bug watch added |
|
https://bz.apache.org/bugzilla/show_bug.cgi?id=53929 |
|
2015-04-30 10:46:51 |
Launchpad Janitor |
apache2 (Ubuntu): status |
New |
Confirmed |
|
2015-04-30 11:02:49 |
Roman Plessl |
bug |
|
|
added subscriber Roman Plessl |
2015-04-30 11:14:30 |
Roman Plessl |
bug |
|
|
added subscriber indero |
2015-04-30 11:14:34 |
Roman Plessl |
removed subscriber indero |
|
|
|
2015-04-30 11:31:46 |
Robie Basak |
bug task added |
|
apache2 |
|
2015-04-30 11:34:39 |
Robie Basak |
bug |
|
|
added subscriber Robie Basak |
2015-04-30 11:34:48 |
Robie Basak |
bug |
|
|
added subscriber Ubuntu Server Team |
2015-04-30 11:35:17 |
Robie Basak |
nominated for series |
|
Ubuntu Trusty |
|
2015-04-30 11:35:17 |
Robie Basak |
bug task added |
|
apache2 (Ubuntu Trusty) |
|
2015-04-30 11:35:41 |
Robie Basak |
apache2 (Ubuntu Trusty): status |
New |
Confirmed |
|
2015-04-30 11:35:45 |
Robie Basak |
apache2 (Ubuntu): status |
Confirmed |
Fix Released |
|
2015-04-30 11:35:49 |
Robie Basak |
apache2 (Ubuntu Trusty): importance |
Undecided |
Medium |
|
2015-04-30 11:36:13 |
Robie Basak |
summary |
apache 2.4.7 mod_dir bug PR53929 |
RewriteRule of "^$" is broken |
|
2015-08-07 19:41:03 |
Robie Basak |
tags |
apache rewrite |
apache bitesize rewrite |
|
2015-08-10 15:46:18 |
Robie Basak |
tags |
apache bitesize rewrite |
apache bitesize rewrite server-next |
|
2015-08-11 16:21:46 |
Wesley Wiedenmeier |
apache2 (Ubuntu Trusty): assignee |
|
Wesley Wiedenmeier (wesley-wiedenmeier) |
|
2015-08-11 16:36:29 |
Robie Basak |
tags |
apache bitesize rewrite server-next |
apache bitesize rewrite |
|
2015-08-17 14:43:14 |
Wesley Wiedenmeier |
attachment added |
|
trusty-sru-debdiff https://bugs.launchpad.net/ubuntu/trusty/+source/apache2/+bug/1394403/+attachment/4445979/+files/trusty-sru-debdiff |
|
2015-08-17 14:46:16 |
Wesley Wiedenmeier |
description |
Ubuntu 14.04LTS x86_64
In apache 2.4.7 there is a bug in mod_dir, in that it does not stop when the URL has just been rewritten by mod_rewrite.
If you have rewrite rules in .htaccess, ending in a [P] for an external URL, rule execution should stop and mod_proxy should go and fetch the given URL. Instead, mod_dir fires another round of rewrite rule checks as it looks for .../index.html, possibly giving completely different results (e.g. not fetching from remote site).
http://www.apachelounge.com/Changelog-2.4.html:
...
*) mod_dir: Don't search for a DirectoryIndex or DirectorySlash on a
URL that was just rewritten by mod_rewrite. PR53929. [Eric Covener]
...
http://stackoverflow.com/questions/17095981/why-apache-mod-rewrite-rewrites-twice-my-url
Please backport the for PR53929
(or update apache package to 2.4.9) |
[Test Case]
Setup
Apache 2.4.7
* mod_rewrite
* mod_ajp
* mod_dir
Tomcat
* Listening on Port 9001
Apache with a .htaccess in the example.net VirtualHost
RewriteEngine On
RewriteRule ^(.*)$ ajp://localhost:9001/$1 [P]
Expected:
Return from Tomcat
HTTP Status 404 - /
Reality:
Return from Tomcat
HTTP Status 404 - /index.html
Workaround for this particular setup was to either disable mod_dir or disable DirectoryIndex in .htaccess.
Or on VirtualHost context use ProxyPass.
ProxyPass / ajp://localhost:9001/
ProxyPassReverse / ajp://localhost:9001/
[Impact]
With DirectoryIndex disabled:
<pre>
[Thu Apr 30 13:55:18.761066 2015] [rewrite:trace3] [pid 31422] mod_rewrite.c(468): [client XXX.XXX.XXX.XXX:38052] XXX.XXX.XXX.XXX - - [example.net/sid#7fc6ddd849f8][rid#7fc6ddcb50a0/initial] [perdir /home/www-data/example.net/] strip per-dir prefix: /home/www-data/example.net/ ->
[Thu Apr 30 13:55:18.761191 2015] [rewrite:trace3] [pid 31422] mod_rewrite.c(468): [client XXX.XXX.XXX.XXX:38052] XXX.XXX.XXX.XXX - - [example.net/sid#7fc6ddd849f8][rid#7fc6ddcb50a0/initial] [perdir /home/www-data/example.net/] applying pattern '^(.*)$' to uri ''
[Thu Apr 30 13:55:18.761215 2015] [rewrite:trace2] [pid 31422] mod_rewrite.c(468): [client XXX.XXX.XXX.XXX:38052] XXX.XXX.XXX.XXX - - [example.net/sid#7fc6ddd849f8][rid#7fc6ddcb50a0/initial] [perdir /home/www-data/example.net/] rewrite '' -> 'ajp://localhost:9001/'
[Thu Apr 30 13:55:18.761232 2015] [rewrite:trace2] [pid 31422] mod_rewrite.c(468): [client XXX.XXX.XXX.XXX:38052] XXX.XXX.XXX.XXX - - [example.net/sid#7fc6ddd849f8][rid#7fc6ddcb50a0/initial] [perdir /home/www-data/example.net/] escaped URI in per-dir context for proxy, ajp://localhost:9001/ -> ajp://localhost:9001/
[Thu Apr 30 13:55:18.761245 2015] [rewrite:trace2] [pid 31422] mod_rewrite.c(468): [client XXX.XXX.XXX.XXX:38052] XXX.XXX.XXX.XXX - - [example.net/sid#7fc6ddd849f8][rid#7fc6ddcb50a0/initial] [perdir /home/www-data/example.net/] forcing proxy-throughput with ajp://localhost:9001/
[Thu Apr 30 13:55:18.761259 2015] [rewrite:trace1] [pid 31422] mod_rewrite.c(468): [client XXX.XXX.XXX.XXX:38052] XXX.XXX.XXX.XXX - - [example.net/sid#7fc6ddd849f8][rid#7fc6ddcb50a0/initial] [perdir /home/www-data/example.net/] go-ahead with proxy request proxy:ajp://localhost:9001/ [OK]
</pre>
With DirectoryIndex enabled:
<pre>
[Thu Apr 30 13:58:37.954876 2015] [rewrite:trace3] [pid 31419] mod_rewrite.c(468): [client XXX.XXX.XXX.XXX:38156] XXX.XXX.XXX.XXX - - [example.net/sid#7fc6ddd849f8][rid#7fc6ddcb10a0/initial] [perdir /home/www-data/example.net/] strip per-dir prefix: /home/www-data/example.net/ ->
[Thu Apr 30 13:58:37.954930 2015] [rewrite:trace3] [pid 31419] mod_rewrite.c(468): [client XXX.XXX.XXX.XXX:38156] XXX.XXX.XXX.XXX - - [example.net/sid#7fc6ddd849f8][rid#7fc6ddcb10a0/initial] [perdir /home/www-data/example.net/] applying pattern '^(.*)$' to uri ''
[Thu Apr 30 13:58:37.954947 2015] [rewrite:trace2] [pid 31419] mod_rewrite.c(468): [client XXX.XXX.XXX.XXX:38156] XXX.XXX.XXX.XXX - - [example.net/sid#7fc6ddd849f8][rid#7fc6ddcb10a0/initial] [perdir /home/www-data/example.net/] rewrite '' -> 'ajp://localhost:9001/'
[Thu Apr 30 13:58:37.954959 2015] [rewrite:trace2] [pid 31419] mod_rewrite.c(468): [client XXX.XXX.XXX.XXX:38156] XXX.XXX.XXX.XXX - - [example.net/sid#7fc6ddd849f8][rid#7fc6ddcb10a0/initial] [perdir /home/www-data/example.net/] escaped URI in per-dir context for proxy, ajp://localhost:9001/ -> ajp://localhost:9001/
[Thu Apr 30 13:58:37.954968 2015] [rewrite:trace2] [pid 31419] mod_rewrite.c(468): [client XXX.XXX.XXX.XXX:38156] XXX.XXX.XXX.XXX - - [example.net/sid#7fc6ddd849f8][rid#7fc6ddcb10a0/initial] [perdir /home/www-data/example.net/] forcing proxy-throughput with ajp://localhost:9001/
[Thu Apr 30 13:58:37.954977 2015] [rewrite:trace1] [pid 31419] mod_rewrite.c(468): [client XXX.XXX.XXX.XXX:38156] XXX.XXX.XXX.XXX - - [example.net/sid#7fc6ddd849f8][rid#7fc6ddcb10a0/initial] [perdir /home/www-data/example.net/] go-ahead with proxy request proxy:ajp://localhost:9001/ [OK]
[Thu Apr 30 13:58:37.955023 2015] [rewrite:trace3] [pid 31419] mod_rewrite.c(468): [client XXX.XXX.XXX.XXX:38156] XXX.XXX.XXX.XXX - - [example.net/sid#7fc6ddd849f8][rid#7fc6ddcb30a0/subreq] [perdir /home/www-data/example.net/] strip per-dir prefix: /home/www-data/example.net/index.html -> index.html
[Thu Apr 30 13:58:37.955036 2015] [rewrite:trace3] [pid 31419] mod_rewrite.c(468): [client XXX.XXX.XXX.XXX:38156] XXX.XXX.XXX.XXX - - [example.net/sid#7fc6ddd849f8][rid#7fc6ddcb30a0/subreq] [perdir /home/www-data/example.net/] applying pattern '^(.*)$' to uri 'index.html'
[Thu Apr 30 13:58:37.955076 2015] [rewrite:trace2] [pid 31419] mod_rewrite.c(468): [client XXX.XXX.XXX.XXX:38156] XXX.XXX.XXX.XXX - - [example.net/sid#7fc6ddd849f8][rid#7fc6ddcb30a0/subreq] [perdir /home/www-data/example.net/] rewrite 'index.html' -> 'ajp://localhost:9001/index.html'
[Thu Apr 30 13:58:37.955086 2015] [rewrite:trace2] [pid 31419] mod_rewrite.c(468): [client XXX.XXX.XXX.XXX:38156] XXX.XXX.XXX.XXX - - [example.net/sid#7fc6ddd849f8][rid#7fc6ddcb30a0/subreq] [perdir /home/www-data/example.net/] escaped URI in per-dir context for proxy, ajp://localhost:9001/index.html -> ajp://localhost:9001/index.html
[Thu Apr 30 13:58:37.955094 2015] [rewrite:trace2] [pid 31419] mod_rewrite.c(468): [client XXX.XXX.XXX.XXX:38156] XXX.XXX.XXX.XXX - - [example.net/sid#7fc6ddd849f8][rid#7fc6ddcb30a0/subreq] [perdir /home/www-data/example.net/] forcing proxy-throughput with ajp://localhost:9001/index.html
[Thu Apr 30 13:58:37.955103 2015] [rewrite:trace1] [pid 31419] mod_rewrite.c(468): [client XXX.XXX.XXX.XXX:38156] XXX.XXX.XXX.XXX - - [example.net/sid#7fc6ddd849f8][rid#7fc6ddcb30a0/subreq] [perdir /home/www-data/example.net/] go-ahead with proxy request proxy:ajp://localhost:9001/index.html [OK]
</pre>
[Regression Potential]
As stated on the apache bugtracker https://bz.apache.org/bugzilla/show_bug.cgi?id=53929#c10:
"The behavior now seems to be consistent with 2.2, and a rewrite rule that conflicts with a DirectoryIndex gets applied."
[Original Description]
Ubuntu 14.04LTS x86_64
In apache 2.4.7 there is a bug in mod_dir, in that it does not stop when the URL has just been rewritten by mod_rewrite.
If you have rewrite rules in .htaccess, ending in a [P] for an external URL, rule execution should stop and mod_proxy should go and fetch the given URL. Instead, mod_dir fires another round of rewrite rule checks as it looks for .../index.html, possibly giving completely different results (e.g. not fetching from remote site).
http://www.apachelounge.com/Changelog-2.4.html:
...
*) mod_dir: Don't search for a DirectoryIndex or DirectorySlash on a
URL that was just rewritten by mod_rewrite. PR53929. [Eric Covener]
...
http://stackoverflow.com/questions/17095981/why-apache-mod-rewrite-rewrites-twice-my-url
Please backport the for PR53929
(or update apache package to 2.4.9) |
|
2015-08-17 17:10:10 |
Wesley Wiedenmeier |
bug |
|
|
added subscriber Ubuntu Sponsors Team |
2015-08-18 15:31:48 |
Wesley Wiedenmeier |
attachment removed |
trusty-sru-debdiff https://bugs.launchpad.net/ubuntu/trusty/+source/apache2/+bug/1394403/+attachment/4445979/+files/trusty-sru-debdiff |
|
|
2015-08-18 15:33:09 |
Wesley Wiedenmeier |
attachment added |
|
trusty-sru-debdiff https://bugs.launchpad.net/ubuntu/trusty/+source/apache2/+bug/1394403/+attachment/4447223/+files/trusty-sru-debdiff |
|
2015-08-30 20:50:11 |
Wesley Wiedenmeier |
description |
[Test Case]
Setup
Apache 2.4.7
* mod_rewrite
* mod_ajp
* mod_dir
Tomcat
* Listening on Port 9001
Apache with a .htaccess in the example.net VirtualHost
RewriteEngine On
RewriteRule ^(.*)$ ajp://localhost:9001/$1 [P]
Expected:
Return from Tomcat
HTTP Status 404 - /
Reality:
Return from Tomcat
HTTP Status 404 - /index.html
Workaround for this particular setup was to either disable mod_dir or disable DirectoryIndex in .htaccess.
Or on VirtualHost context use ProxyPass.
ProxyPass / ajp://localhost:9001/
ProxyPassReverse / ajp://localhost:9001/
[Impact]
With DirectoryIndex disabled:
<pre>
[Thu Apr 30 13:55:18.761066 2015] [rewrite:trace3] [pid 31422] mod_rewrite.c(468): [client XXX.XXX.XXX.XXX:38052] XXX.XXX.XXX.XXX - - [example.net/sid#7fc6ddd849f8][rid#7fc6ddcb50a0/initial] [perdir /home/www-data/example.net/] strip per-dir prefix: /home/www-data/example.net/ ->
[Thu Apr 30 13:55:18.761191 2015] [rewrite:trace3] [pid 31422] mod_rewrite.c(468): [client XXX.XXX.XXX.XXX:38052] XXX.XXX.XXX.XXX - - [example.net/sid#7fc6ddd849f8][rid#7fc6ddcb50a0/initial] [perdir /home/www-data/example.net/] applying pattern '^(.*)$' to uri ''
[Thu Apr 30 13:55:18.761215 2015] [rewrite:trace2] [pid 31422] mod_rewrite.c(468): [client XXX.XXX.XXX.XXX:38052] XXX.XXX.XXX.XXX - - [example.net/sid#7fc6ddd849f8][rid#7fc6ddcb50a0/initial] [perdir /home/www-data/example.net/] rewrite '' -> 'ajp://localhost:9001/'
[Thu Apr 30 13:55:18.761232 2015] [rewrite:trace2] [pid 31422] mod_rewrite.c(468): [client XXX.XXX.XXX.XXX:38052] XXX.XXX.XXX.XXX - - [example.net/sid#7fc6ddd849f8][rid#7fc6ddcb50a0/initial] [perdir /home/www-data/example.net/] escaped URI in per-dir context for proxy, ajp://localhost:9001/ -> ajp://localhost:9001/
[Thu Apr 30 13:55:18.761245 2015] [rewrite:trace2] [pid 31422] mod_rewrite.c(468): [client XXX.XXX.XXX.XXX:38052] XXX.XXX.XXX.XXX - - [example.net/sid#7fc6ddd849f8][rid#7fc6ddcb50a0/initial] [perdir /home/www-data/example.net/] forcing proxy-throughput with ajp://localhost:9001/
[Thu Apr 30 13:55:18.761259 2015] [rewrite:trace1] [pid 31422] mod_rewrite.c(468): [client XXX.XXX.XXX.XXX:38052] XXX.XXX.XXX.XXX - - [example.net/sid#7fc6ddd849f8][rid#7fc6ddcb50a0/initial] [perdir /home/www-data/example.net/] go-ahead with proxy request proxy:ajp://localhost:9001/ [OK]
</pre>
With DirectoryIndex enabled:
<pre>
[Thu Apr 30 13:58:37.954876 2015] [rewrite:trace3] [pid 31419] mod_rewrite.c(468): [client XXX.XXX.XXX.XXX:38156] XXX.XXX.XXX.XXX - - [example.net/sid#7fc6ddd849f8][rid#7fc6ddcb10a0/initial] [perdir /home/www-data/example.net/] strip per-dir prefix: /home/www-data/example.net/ ->
[Thu Apr 30 13:58:37.954930 2015] [rewrite:trace3] [pid 31419] mod_rewrite.c(468): [client XXX.XXX.XXX.XXX:38156] XXX.XXX.XXX.XXX - - [example.net/sid#7fc6ddd849f8][rid#7fc6ddcb10a0/initial] [perdir /home/www-data/example.net/] applying pattern '^(.*)$' to uri ''
[Thu Apr 30 13:58:37.954947 2015] [rewrite:trace2] [pid 31419] mod_rewrite.c(468): [client XXX.XXX.XXX.XXX:38156] XXX.XXX.XXX.XXX - - [example.net/sid#7fc6ddd849f8][rid#7fc6ddcb10a0/initial] [perdir /home/www-data/example.net/] rewrite '' -> 'ajp://localhost:9001/'
[Thu Apr 30 13:58:37.954959 2015] [rewrite:trace2] [pid 31419] mod_rewrite.c(468): [client XXX.XXX.XXX.XXX:38156] XXX.XXX.XXX.XXX - - [example.net/sid#7fc6ddd849f8][rid#7fc6ddcb10a0/initial] [perdir /home/www-data/example.net/] escaped URI in per-dir context for proxy, ajp://localhost:9001/ -> ajp://localhost:9001/
[Thu Apr 30 13:58:37.954968 2015] [rewrite:trace2] [pid 31419] mod_rewrite.c(468): [client XXX.XXX.XXX.XXX:38156] XXX.XXX.XXX.XXX - - [example.net/sid#7fc6ddd849f8][rid#7fc6ddcb10a0/initial] [perdir /home/www-data/example.net/] forcing proxy-throughput with ajp://localhost:9001/
[Thu Apr 30 13:58:37.954977 2015] [rewrite:trace1] [pid 31419] mod_rewrite.c(468): [client XXX.XXX.XXX.XXX:38156] XXX.XXX.XXX.XXX - - [example.net/sid#7fc6ddd849f8][rid#7fc6ddcb10a0/initial] [perdir /home/www-data/example.net/] go-ahead with proxy request proxy:ajp://localhost:9001/ [OK]
[Thu Apr 30 13:58:37.955023 2015] [rewrite:trace3] [pid 31419] mod_rewrite.c(468): [client XXX.XXX.XXX.XXX:38156] XXX.XXX.XXX.XXX - - [example.net/sid#7fc6ddd849f8][rid#7fc6ddcb30a0/subreq] [perdir /home/www-data/example.net/] strip per-dir prefix: /home/www-data/example.net/index.html -> index.html
[Thu Apr 30 13:58:37.955036 2015] [rewrite:trace3] [pid 31419] mod_rewrite.c(468): [client XXX.XXX.XXX.XXX:38156] XXX.XXX.XXX.XXX - - [example.net/sid#7fc6ddd849f8][rid#7fc6ddcb30a0/subreq] [perdir /home/www-data/example.net/] applying pattern '^(.*)$' to uri 'index.html'
[Thu Apr 30 13:58:37.955076 2015] [rewrite:trace2] [pid 31419] mod_rewrite.c(468): [client XXX.XXX.XXX.XXX:38156] XXX.XXX.XXX.XXX - - [example.net/sid#7fc6ddd849f8][rid#7fc6ddcb30a0/subreq] [perdir /home/www-data/example.net/] rewrite 'index.html' -> 'ajp://localhost:9001/index.html'
[Thu Apr 30 13:58:37.955086 2015] [rewrite:trace2] [pid 31419] mod_rewrite.c(468): [client XXX.XXX.XXX.XXX:38156] XXX.XXX.XXX.XXX - - [example.net/sid#7fc6ddd849f8][rid#7fc6ddcb30a0/subreq] [perdir /home/www-data/example.net/] escaped URI in per-dir context for proxy, ajp://localhost:9001/index.html -> ajp://localhost:9001/index.html
[Thu Apr 30 13:58:37.955094 2015] [rewrite:trace2] [pid 31419] mod_rewrite.c(468): [client XXX.XXX.XXX.XXX:38156] XXX.XXX.XXX.XXX - - [example.net/sid#7fc6ddd849f8][rid#7fc6ddcb30a0/subreq] [perdir /home/www-data/example.net/] forcing proxy-throughput with ajp://localhost:9001/index.html
[Thu Apr 30 13:58:37.955103 2015] [rewrite:trace1] [pid 31419] mod_rewrite.c(468): [client XXX.XXX.XXX.XXX:38156] XXX.XXX.XXX.XXX - - [example.net/sid#7fc6ddd849f8][rid#7fc6ddcb30a0/subreq] [perdir /home/www-data/example.net/] go-ahead with proxy request proxy:ajp://localhost:9001/index.html [OK]
</pre>
[Regression Potential]
As stated on the apache bugtracker https://bz.apache.org/bugzilla/show_bug.cgi?id=53929#c10:
"The behavior now seems to be consistent with 2.2, and a rewrite rule that conflicts with a DirectoryIndex gets applied."
[Original Description]
Ubuntu 14.04LTS x86_64
In apache 2.4.7 there is a bug in mod_dir, in that it does not stop when the URL has just been rewritten by mod_rewrite.
If you have rewrite rules in .htaccess, ending in a [P] for an external URL, rule execution should stop and mod_proxy should go and fetch the given URL. Instead, mod_dir fires another round of rewrite rule checks as it looks for .../index.html, possibly giving completely different results (e.g. not fetching from remote site).
http://www.apachelounge.com/Changelog-2.4.html:
...
*) mod_dir: Don't search for a DirectoryIndex or DirectorySlash on a
URL that was just rewritten by mod_rewrite. PR53929. [Eric Covener]
...
http://stackoverflow.com/questions/17095981/why-apache-mod-rewrite-rewrites-twice-my-url
Please backport the for PR53929
(or update apache package to 2.4.9) |
[Test Case]
Setup
Apache 2.4.7
* mod_rewrite
* mod_ajp
* mod_dir
Tomcat
* Listening on Port 9001
Apache with a .htaccess in the example.net VirtualHost
RewriteEngine On
RewriteRule ^(.*)$ ajp://localhost:9001/$1 [P]
Expected:
Return from Tomcat
HTTP Status 404 - /
Reality:
Return from Tomcat
HTTP Status 404 - /index.html
Workaround for this particular setup was to either disable mod_dir or disable DirectoryIndex in .htaccess.
Or on VirtualHost context use ProxyPass.
ProxyPass / ajp://localhost:9001/
ProxyPassReverse / ajp://localhost:9001/
[Impact]
With DirectoryIndex disabled:
<pre>
[Thu Apr 30 13:55:18.761066 2015] [rewrite:trace3] [pid 31422] mod_rewrite.c(468): [client XXX.XXX.XXX.XXX:38052] XXX.XXX.XXX.XXX - - [example.net/sid#7fc6ddd849f8][rid#7fc6ddcb50a0/initial] [perdir /home/www-data/example.net/] strip per-dir prefix: /home/www-data/example.net/ ->
[Thu Apr 30 13:55:18.761191 2015] [rewrite:trace3] [pid 31422] mod_rewrite.c(468): [client XXX.XXX.XXX.XXX:38052] XXX.XXX.XXX.XXX - - [example.net/sid#7fc6ddd849f8][rid#7fc6ddcb50a0/initial] [perdir /home/www-data/example.net/] applying pattern '^(.*)$' to uri ''
[Thu Apr 30 13:55:18.761215 2015] [rewrite:trace2] [pid 31422] mod_rewrite.c(468): [client XXX.XXX.XXX.XXX:38052] XXX.XXX.XXX.XXX - - [example.net/sid#7fc6ddd849f8][rid#7fc6ddcb50a0/initial] [perdir /home/www-data/example.net/] rewrite '' -> 'ajp://localhost:9001/'
[Thu Apr 30 13:55:18.761232 2015] [rewrite:trace2] [pid 31422] mod_rewrite.c(468): [client XXX.XXX.XXX.XXX:38052] XXX.XXX.XXX.XXX - - [example.net/sid#7fc6ddd849f8][rid#7fc6ddcb50a0/initial] [perdir /home/www-data/example.net/] escaped URI in per-dir context for proxy, ajp://localhost:9001/ -> ajp://localhost:9001/
[Thu Apr 30 13:55:18.761245 2015] [rewrite:trace2] [pid 31422] mod_rewrite.c(468): [client XXX.XXX.XXX.XXX:38052] XXX.XXX.XXX.XXX - - [example.net/sid#7fc6ddd849f8][rid#7fc6ddcb50a0/initial] [perdir /home/www-data/example.net/] forcing proxy-throughput with ajp://localhost:9001/
[Thu Apr 30 13:55:18.761259 2015] [rewrite:trace1] [pid 31422] mod_rewrite.c(468): [client XXX.XXX.XXX.XXX:38052] XXX.XXX.XXX.XXX - - [example.net/sid#7fc6ddd849f8][rid#7fc6ddcb50a0/initial] [perdir /home/www-data/example.net/] go-ahead with proxy request proxy:ajp://localhost:9001/ [OK]
</pre>
With DirectoryIndex enabled:
<pre>
[Thu Apr 30 13:58:37.954876 2015] [rewrite:trace3] [pid 31419] mod_rewrite.c(468): [client XXX.XXX.XXX.XXX:38156] XXX.XXX.XXX.XXX - - [example.net/sid#7fc6ddd849f8][rid#7fc6ddcb10a0/initial] [perdir /home/www-data/example.net/] strip per-dir prefix: /home/www-data/example.net/ ->
[Thu Apr 30 13:58:37.954930 2015] [rewrite:trace3] [pid 31419] mod_rewrite.c(468): [client XXX.XXX.XXX.XXX:38156] XXX.XXX.XXX.XXX - - [example.net/sid#7fc6ddd849f8][rid#7fc6ddcb10a0/initial] [perdir /home/www-data/example.net/] applying pattern '^(.*)$' to uri ''
[Thu Apr 30 13:58:37.954947 2015] [rewrite:trace2] [pid 31419] mod_rewrite.c(468): [client XXX.XXX.XXX.XXX:38156] XXX.XXX.XXX.XXX - - [example.net/sid#7fc6ddd849f8][rid#7fc6ddcb10a0/initial] [perdir /home/www-data/example.net/] rewrite '' -> 'ajp://localhost:9001/'
[Thu Apr 30 13:58:37.954959 2015] [rewrite:trace2] [pid 31419] mod_rewrite.c(468): [client XXX.XXX.XXX.XXX:38156] XXX.XXX.XXX.XXX - - [example.net/sid#7fc6ddd849f8][rid#7fc6ddcb10a0/initial] [perdir /home/www-data/example.net/] escaped URI in per-dir context for proxy, ajp://localhost:9001/ -> ajp://localhost:9001/
[Thu Apr 30 13:58:37.954968 2015] [rewrite:trace2] [pid 31419] mod_rewrite.c(468): [client XXX.XXX.XXX.XXX:38156] XXX.XXX.XXX.XXX - - [example.net/sid#7fc6ddd849f8][rid#7fc6ddcb10a0/initial] [perdir /home/www-data/example.net/] forcing proxy-throughput with ajp://localhost:9001/
[Thu Apr 30 13:58:37.954977 2015] [rewrite:trace1] [pid 31419] mod_rewrite.c(468): [client XXX.XXX.XXX.XXX:38156] XXX.XXX.XXX.XXX - - [example.net/sid#7fc6ddd849f8][rid#7fc6ddcb10a0/initial] [perdir /home/www-data/example.net/] go-ahead with proxy request proxy:ajp://localhost:9001/ [OK]
[Thu Apr 30 13:58:37.955023 2015] [rewrite:trace3] [pid 31419] mod_rewrite.c(468): [client XXX.XXX.XXX.XXX:38156] XXX.XXX.XXX.XXX - - [example.net/sid#7fc6ddd849f8][rid#7fc6ddcb30a0/subreq] [perdir /home/www-data/example.net/] strip per-dir prefix: /home/www-data/example.net/index.html -> index.html
[Thu Apr 30 13:58:37.955036 2015] [rewrite:trace3] [pid 31419] mod_rewrite.c(468): [client XXX.XXX.XXX.XXX:38156] XXX.XXX.XXX.XXX - - [example.net/sid#7fc6ddd849f8][rid#7fc6ddcb30a0/subreq] [perdir /home/www-data/example.net/] applying pattern '^(.*)$' to uri 'index.html'
[Thu Apr 30 13:58:37.955076 2015] [rewrite:trace2] [pid 31419] mod_rewrite.c(468): [client XXX.XXX.XXX.XXX:38156] XXX.XXX.XXX.XXX - - [example.net/sid#7fc6ddd849f8][rid#7fc6ddcb30a0/subreq] [perdir /home/www-data/example.net/] rewrite 'index.html' -> 'ajp://localhost:9001/index.html'
[Thu Apr 30 13:58:37.955086 2015] [rewrite:trace2] [pid 31419] mod_rewrite.c(468): [client XXX.XXX.XXX.XXX:38156] XXX.XXX.XXX.XXX - - [example.net/sid#7fc6ddd849f8][rid#7fc6ddcb30a0/subreq] [perdir /home/www-data/example.net/] escaped URI in per-dir context for proxy, ajp://localhost:9001/index.html -> ajp://localhost:9001/index.html
[Thu Apr 30 13:58:37.955094 2015] [rewrite:trace2] [pid 31419] mod_rewrite.c(468): [client XXX.XXX.XXX.XXX:38156] XXX.XXX.XXX.XXX - - [example.net/sid#7fc6ddd849f8][rid#7fc6ddcb30a0/subreq] [perdir /home/www-data/example.net/] forcing proxy-throughput with ajp://localhost:9001/index.html
[Thu Apr 30 13:58:37.955103 2015] [rewrite:trace1] [pid 31419] mod_rewrite.c(468): [client XXX.XXX.XXX.XXX:38156] XXX.XXX.XXX.XXX - - [example.net/sid#7fc6ddd849f8][rid#7fc6ddcb30a0/subreq] [perdir /home/www-data/example.net/] go-ahead with proxy request proxy:ajp://localhost:9001/index.html [OK]
</pre>
[Regression Potential]
As stated on the apache bugtracker https://bz.apache.org/bugzilla/show_bug.cgi?id=53929#c10:
"The behavior now seems to be consistent with 2.2, and a rewrite rule that conflicts with a DirectoryIndex gets applied."
The default value of the new configuration option does change behaviour so there is a chance that this could be undesirable for some users. However, this is a very small chance, as the current default behaviour is only present in apache versions between 2.4 and 2.4.8 when the fix was introduced upstream. Behaviour can be kept consistent with current behaviour by setting "DirectoryCheckHandler On".
[Original Description]
Ubuntu 14.04LTS x86_64
In apache 2.4.7 there is a bug in mod_dir, in that it does not stop when the URL has just been rewritten by mod_rewrite.
If you have rewrite rules in .htaccess, ending in a [P] for an external URL, rule execution should stop and mod_proxy should go and fetch the given URL. Instead, mod_dir fires another round of rewrite rule checks as it looks for .../index.html, possibly giving completely different results (e.g. not fetching from remote site).
http://www.apachelounge.com/Changelog-2.4.html:
...
*) mod_dir: Don't search for a DirectoryIndex or DirectorySlash on a
URL that was just rewritten by mod_rewrite. PR53929. [Eric Covener]
...
http://stackoverflow.com/questions/17095981/why-apache-mod-rewrite-rewrites-twice-my-url
Please backport the for PR53929
(or update apache package to 2.4.9) |
|
2015-08-31 02:57:37 |
Wesley Wiedenmeier |
attachment added |
|
trusty-sru-debdiff-updated https://bugs.launchpad.net/ubuntu/trusty/+source/apache2/+bug/1394403/+attachment/4454758/+files/trusty-sru-debdiff-updated |
|
2015-09-01 11:19:40 |
Robie Basak |
apache2 (Ubuntu Trusty): status |
Confirmed |
In Progress |
|
2015-09-02 13:00:25 |
Chris J Arges |
apache2 (Ubuntu Trusty): status |
In Progress |
Fix Committed |
|
2015-09-02 13:00:27 |
Chris J Arges |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
2015-09-02 13:00:33 |
Chris J Arges |
bug |
|
|
added subscriber SRU Verification |
2015-09-02 13:00:37 |
Chris J Arges |
tags |
apache bitesize rewrite |
apache bitesize rewrite verification-needed |
|
2015-09-02 13:05:08 |
Chris J Arges |
removed subscriber Ubuntu Sponsors Team |
|
|
|
2015-09-18 18:41:03 |
Mathew Hodson |
tags |
apache bitesize rewrite verification-needed |
bitesize trusty verification-done |
|
2015-09-23 14:24:42 |
Launchpad Janitor |
apache2 (Ubuntu Trusty): status |
Fix Committed |
Fix Released |
|
2015-09-23 14:24:51 |
Chris J Arges |
removed subscriber Ubuntu Stable Release Updates Team |
|
|
|
2015-09-24 08:55:37 |
Robie Basak |
apache2 (Ubuntu Trusty): status |
Fix Released |
New |
|
2015-09-24 08:56:28 |
Robie Basak |
apache2 (Ubuntu Trusty): status |
New |
Incomplete |
|
2015-09-24 21:22:11 |
Matthias Ferdinand |
attachment added |
|
apache configuration snippets to reproduce the bug https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1394403/+attachment/4473801/+files/reproduce-1394403.tgz |
|
2016-01-08 15:11:55 |
Frank Agerholm |
bug |
|
|
added subscriber Frank Agerholm |
2016-07-18 17:54:59 |
Launchpad Janitor |
apache2 (Ubuntu Trusty): status |
Incomplete |
Fix Released |
|
2016-07-18 17:54:59 |
Launchpad Janitor |
cve linked |
|
2016-5387 |
|
2016-07-18 18:12:10 |
Marc Deslauriers |
apache2 (Ubuntu Trusty): status |
Fix Released |
Incomplete |
|
2016-07-27 07:39:00 |
Wesley Wiedenmeier |
attachment added |
|
fix_rewrite_rule_update.debdiff https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1394403/+attachment/4707966/+files/fix_rewrite_rule_update.debdiff |
|
2016-08-15 20:31:33 |
Matthias Ferdinand |
attachment added |
|
fixes mod_rewrite->[P] case https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1394403/+attachment/4721396/+files/fix_rewrite_rule_update_with_proxy.debdiff |
|
2016-08-15 20:39:24 |
Matthias Ferdinand |
attachment added |
|
mod_rewrite->[P] inside vhost https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1394403/+attachment/4721411/+files/blubb.conf |
|
2020-05-05 20:33:56 |
Bryce Harrington |
apache2 (Ubuntu Trusty): status |
Incomplete |
Won't Fix |
|