Page MenuHomePhabricator
Paste P3227

rewrite git labs
ActivePublic
Actions

Authored by Dzahn on Jun 8 2016, 7:01 PM.
Tags
None
Referenced Files
F4144109: rewrite git labs
Jun 8 2016, 7:01 PM
F4144106: rewrite git labs
Jun 8 2016, 7:01 PM
Subscribers
None
11:11 < mutante> in a RewriteRule i use "^/tree/(.+)" to match /tree/foo and then reuse the foo part in my target URL. it's ok so far, just when i request something like "/tree/%2F" it is still 404 because of the %2F , how do i also match those
11:12 < Unbeliever> fajita: AllowEncodedSlashes
11:12 < fajita> http://httpd.apache.org/docs/current/mod/core.html#allowencodedslashes
11:12 < Unbeliever> mutante: possibly this ^^
11:12 < thumbs> mutante: .+ or .* will match it.
11:12 < thumbs> but yes, allow the encoded slashes first.
11:13 < mutante> hmm, aha! looking at that, thanks
11:15 < mutante> ugh, now i dont know if that will influence any of all the existing config there is and i see " Allowing slashes to be decoded could potentially allow unsafe paths."
11:15 < thumbs> mutante: indeed.
11:15 < Unbeliever> mutante: indeed, it can be a security risk
11:16 < mutante> i wish i could just do this in the context of my rewrite rule
11:17 < thumbs> fajita: AllowEncodedSlashes context
11:17 < fajita> AllowEncodedSlashes may be used in the following contexts: server config, virtual host
11:18 < rbowen> mutante: There's a rewrite flag for that.
11:18 < rbowen> fajita: rewrite flags
11:18 < fajita> http://httpd.apache.org/docs/current/rewrite/flags.html
11:18 < mutante> NE?
11:18 < fajita> noescape (no uri escaping of output)
11:18 < rbowen> Is it NE? Or B?
11:18 < rbowen> I always get confused between the two of those.
11:18 < rbowen> Depends on what you're trying to do.
11:18 < mutante> but i need to match those types on the left hand side
11:18 < Unbeliever> possibly both :)
11:19 < rbowen> fajita: NE
11:19 < fajita> noescape (no uri escaping of output)
11:19 < rbowen> pfft. Lot of help that is.
11:19 < rbowen> I think it's B, but I'm not sure.
11:20 < mutante> it seems that NE is only about output, B is a good point, reading
11:20 < Unbeliever> you still may require the AllowEncodedSlashses otherwise apache may returna 4040 simply because it finds %2F in the URI path
11:20 < Unbeliever> er 404
11:20 < thumbs> Unbeliever: correct.
11:20 < thumbs> mutante: anyway, you can limit this to your vhost
11:20 < mutante> ok, then i need to test this behaviour on the production setup and see that first
11:20 < mutante> right now i was on a labs host
11:21 < mutante> thumbs: ok! thanks
11:21 < Unbeliever> test on the production setup .. an oxymoron if ever there was one
11:21 < mutante> haha, yea, but it's not as bad as it sounds :) production also has "canary" servers
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits