Received: (qmail 28575 invoked by uid 501); 8 Jan 2002 21:08:18 -0000 Message-Id: <20020108210818.28574.qmail@apache.org> Date: 8 Jan 2002 21:08:18 -0000 From: Mike Wohlgemuth Reply-To: mjw@purplefrog.com To: submit@bugz.apache.org Subject: mod_rewrite does not use URL as documented X-Send-Pr-Version: 3.110 >Number: 9411 >Category: mod_rewrite >Synopsis: mod_rewrite does not use URL as documented >Confidential: no >Severity: serious >Priority: medium >Responsible: apache >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: apache >Arrival-Date: Tue Jan 08 13:10:00 PST 2002 >Closed-Date: >Last-Modified: >Originator: mjw@purplefrog.com >Release: 1.3.22 >Organization: apache >Environment: Linux tetsuo.woogie.net 2.4.2-2 #1 Sun Apr 8 20:41:30 EDT 2001 i686 unknown >Description: The documentation for mod_rewrite says "This module operates on the full URLs", and the URL rewriting guide has a sample reverse proxy with the following line: RewriteRule ^(http|ftp)://.* - [F] This line purports to block proxy requests to the reverse proxy. It does not. It seems that mod_rewrite is actually using the request URI and not the URL. Nothing will match this rule. A request like GET http://blah.com/index.html will show up as /index.html in the rewrite rules, so the documented way of blocking proxy requests to reverse proxies is wrong. >How-To-Repeat: >Fix: Here is a work around, but I would say that either Apache's behavior should change to match the documentation, or the documentation should change to match Apache's behavior. I don't know that Apache used to work as documented, because I recall testing this in the past, but it has been a few years since I last verified that mod_rewrite worked properly. If you use RewriteCond %{THE_REQUEST} "!^(GET|POST) /.*$" RewriteRule .* - [F,L] instead of RewriteRule ^(http|ftp)://.* - [F] You get the behavior you want >Release-Note: >Audit-Trail: >Unformatted: [In order for any reply to be added to the PR database, you need] [to include in the Cc line and make sure the] [subject line starts with the report component and number, with ] [or without any 'Re:' prefixes (such as "general/1098:" or ] ["Re: general/1098:"). If the subject doesn't match this ] [pattern, your message will be misfiled and ignored. The ] ["apbugs" address is not added to the Cc line of messages from ] [the database automatically because of the potential for mail ] [loops. If you do not include this Cc, your reply may be ig- ] [nored unless you are responding to an explicit request from a ] [developer. Reply only with text; DO NOT SEND ATTACHMENTS! ]