Bug 49131 - Very long URLs cause 404 or 403 errors with SetAction, RewriteRule, RedirectMatch...
Very long URLs cause 404 or 403 errors with SetAction, RewriteRule, RedirectM...
Status: NEW
Product: Apache httpd-2
Classification: Unclassified
Component: Core
2.2.11
PC Linux
: P2 normal with 2 votes (vote)
: ---
Assigned To: Apache HTTPD Bugs Mailing List
:
Depends on:
Blocks:
  Show dependency tree
 
Reported: 2010-04-15 17:50 UTC by Alain Knaff
Modified: 2013-09-17 20:18 UTC (History)
2 users (show)



Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Alain Knaff 2010-04-15 17:50:36 UTC
We've got a virtual host set up where all requests are redirected to a cgi script using SetAction

<Virtualhost *:80>
        ServerName mytest
        DocumentRoot /var/www/mytest

        Options +ExecCGI
        Action all /index.cgi virtual
        <Location /index.cgi>
                SetHandler cgi-script
        </Location>
        SetHandler all
</Virtualhost>

... where index.cgi is just a small example that prints the environment
#!/bin/sh

echo Content-Type: text/plain
echo
printenv


This works ok for small URLs such as

http://mytest/abc.html

However, for very long URLs, weird stuff happens. Often we get a 404, and sometimes a 403.

http://mytest/01234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789

It really looks like some kind of buffer overrun...

Same thing with RewriteRule:

<Virtualhost *:80>
        ServerName mytest
        DocumentRoot /var/www/mytest

        RewriteEngine on
        RewriteRule /.* /index.cgi [L]
</Virtualhost>

and:

<Virtualhost *:80>
        ServerName mytest
        DocumentRoot /var/www/mytest

        RedirectMatch /............* /index.cgi
</Virtualhost>
Comment 1 zwoop 2010-07-01 17:13:42 UTC
When I try this, I see a similar problem, but always a 403. My error log says

[Thu Jul 01 14:59:23.126222 2010] [error] [pid 2065:tid 139906479290128] [client ::1:35270] (36)File name too long: access to /aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaassssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssaaaaaaaaaaaabcdefghijklm failed


So, it seems to me that something is "stat"ing names that really aren't files. Do you see a similar error in your logs?
Comment 2 Alain Knaff 2010-07-11 17:26:43 UTC
I do indeed get something similar:

[Sun Jul 11 23:18:11 2010] [error] [client 127.0.0.3] (36)File name too long: access to /01234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789 failed