Bug #1144
/cn/ escaped slash mishandled by server
100%
Description
Escaped slashes (in identifiers) are being decoded and misdirecting in cn calls, returning a 404 (Not Found) error from the Apache Server. It should preserve the pct-encoding and pass the encoded URL to the servlet. An example:
http://cn-dev.dataone.org/cn/object/foo%2F and
http://cn-dev.dataone.org/cn/object/foo%2Fxxx
both give the following (differing as you would expect at the URL):
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
404 Not Found
Not Found
The requested URL /cn/object/foo/bar was not found on this server.
Apache/2.2.12 (Ubuntu) Server at cn-dev.dataone.org Port 80
History
#1 Updated by Rob Nahf almost 14 years ago
Log file excerpts from cn-dev:
from apache/error.log
[Mon Dec 06 13:56:22 2010] [error] [client 129.24.0.10] File does not exist: /var/www/favicon.ico, referer: http://cn-dev.dataone.org/cn/object/foo%2Fbar
[Mon Dec 06 13:56:43 2010] [error] [client 129.24.0.10] File does not exist: /var/www/favicon.ico, referer: http://cn-dev.dataone.org/cn/object/foo%2F
from apache2/other_vhosts_access.log:
cn-dev.dataone.org:80 129.24.0.10 - - [06/Dec/2010:13:56:22 -0800] "GET /cn/object/foo%2Fbar HTTP/1.1" 404 511 "-" "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_5; en-us) AppleWebKit/533.19.4 (KHTML, like Gecko) Version/5.0.3 Safari/533.19.4"
cn-dev.dataone.org:80 129.24.0.10 - - [06/Dec/2010:13:56:22 -0800] "GET /favicon.ico HTTP/1.1" 404 506 "http://cn-dev.dataone.org/cn/object/foo%2Fbar" "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_5; en-us) AppleWebKit/533.19.4 (KHTML, like Gecko) Version/5.0.3 Safari/533.19.4"
cn-dev.dataone.org:80 129.24.0.10 - - [06/Dec/2010:13:56:38 -0800] "GET /cn/object/foo%2F HTTP/1.1" 404 510 "-" "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_5; en-us) AppleWebKit/533.19.4 (KHTML, like Gecko) Version/5.0.3 Safari/533.19.4"
cn-dev.dataone.org:80 129.24.0.10 - - [06/Dec/2010:13:56:43 -0800] "GET /favicon.ico HTTP/1.1" 404 506 "http://cn-dev.dataone.org/cn/object/foo%2F" "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_5; en-us) AppleWebKit/533.19.4 (KHTML, like Gecko) Version/5.0.3 Safari/533.19.4"
/var/log/tomcat6/cn.log doesn't contain entries for these calls, but does for normal cases.
Found:
[ INFO] 2010-12-06 14:34:18,001 (MetacatProxyObjectServiceImpl:debugWrapper:194) proxy.wrapper javax.servlet.forward.request_uri: /cn/object/knb:testid:201033641222165
and not found:
[ INFO] 2010-12-06 14:13:23,534 (MetacatProxyObjectServiceImpl:debugWrapper:194) proxy.wrapper javax.servlet.forward.request_uri: /cn/object/foofoo
Similarly, tomcat6/localhost.2010-12-06.log contains urlrewrite logging info for normal cases only.
/var/log/syslog does not contain entries for these requests either, but is less informative, as it only logs caught exceptions for bogus id situations; nothing for successfully found ids.
#3 Updated by Rob Nahf almost 14 years ago
- Status changed from New to Closed
- Priority changed from Normal to Urgent
Thorough troubleshooting ruled out possible solutions to this problem. Apache's AllowEncodedSlashes directive does not seem to work as it should (https://issues.apache.org/bugzilla/show_bug.cgi?id=35256). Tests on cn-dev against all permutations of AllowEncodedSlashes [on|off] and AcceptPathInfo [on|off|default] still leave %2F blocked in the first stage of request processing, giving the error:
[Thu Dec 09 14:16:47 2010] [info] [client 127.0.0.1] found %2f (encoded '/') in URI (decoded='/cn/object/xxhttpAESon/APInotset'), returning 404
in the apache2/error.log
All similar tests with the %2F in the query portion of the URI make it through tomcat and to the /cn/ service endpoint. I used URLs in the form of:
localhost/cn/object/get?id=ooo%2Fooo
localhost/cn/object?id=ooo%2Fooo
Regarding the apache2 bug, it looks like a longstanding issue that's not getting much attention.
#4 Updated by Rob Nahf almost 14 years ago
- File escapedSlashesTests.xlsx added
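
Added example, not part of the original ticket or of the project's code: a log triage script that flags requests whose path carries %2F and returned 404, and shows why decoding the path before splitting it changes the identifier. The sample log lines are constructed in the access-log layout quoted above, and the function names are hypothetical; a 404 with %2F in the path is treated only as a suspect, since the access log does not record why the front end rejected it.

```python
import re
from urllib.parse import urlsplit, unquote

# Constructed sample in the other_vhosts_access.log layout quoted in the ticket
# (host and client address are placeholder documentation values).
SAMPLE_LOG = """\
cn.example:80 192.0.2.10 - - [06/Dec/2010:13:56:22 -0800] "GET /cn/object/foo%2Fbar HTTP/1.1" 404 511 "-" "t"
cn.example:80 192.0.2.10 - - [06/Dec/2010:13:56:38 -0800] "GET /cn/object/foo%2F HTTP/1.1" 404 510 "-" "t"
cn.example:80 192.0.2.10 - - [06/Dec/2010:14:02:10 -0800] "GET /cn/object?id=ooo%2Fooo HTTP/1.1" 200 812 "-" "t"
cn.example:80 192.0.2.10 - - [06/Dec/2010:14:03:00 -0800] "GET /cn/object/knb:testid:1 HTTP/1.1" 200 900 "-" "t"
cn.example:80 192.0.2.10 - - [06/Dec/2010:14:04:00 -0800] "GET /favicon.ico HTTP/1.1" 404 506 "-" "t"
"""

LINE_RE = re.compile(
    r'^\S+ \S+ \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')
ENC_SLASH = re.compile(r"%2f", re.IGNORECASE)

def split_then_decode(raw_path):
    """Split on literal '/' first, then decode each segment: the identifier stays whole."""
    return [unquote(seg) for seg in raw_path.split("/") if seg]

def decode_then_split(raw_path):
    """Decode the whole path first: every %2F becomes an extra path separator."""
    return [seg for seg in unquote(raw_path).split("/") if seg]

def classify(line):
    """Return a dict describing one access-log line, or None if it does not parse."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    url = urlsplit(m["target"])
    in_path = bool(ENC_SLASH.search(url.path))
    return {
        "target": m["target"],
        "status": int(m["status"]),
        "in_path": in_path,                                # %2F inside the path component
        "in_query": bool(ENC_SLASH.search(url.query)),     # %2F inside the query string
        "ambiguous": split_then_decode(url.path) != decode_then_split(url.path),
        "suspect": in_path and m["status"] == "404",       # candidate encoded-slash rejection
    }

def suspect_targets(log_text):
    """Request targets that carried %2F in the path and came back 404."""
    rows = (classify(line) for line in log_text.splitlines())
    return [r["target"] for r in rows if r and r["suspect"]]

if __name__ == "__main__":
    for t in suspect_targets(SAMPLE_LOG):
        print(t, split_then_decode(urlsplit(t).path), decode_then_split(urlsplit(t).path))
```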