Project

General

Profile

[Solved] For some reason lighttpd loads /index.html when visiting https://XXX.X/index.html/anyvalue

Added by TaylorP almost 4 years ago

I'm not sure why but if I visit mysite.com/index.html/ it will still load mysite.com/index.html.

After a bit of exploring I also noticed that mysite.com/index.html/any value returned the same thing.
On top of that it's not just for index.html but for every single file.

My current version is lighttpd/1.4.53 (ssl)

and here is my config

server.modules = (
        "mod_indexfile",
#       "mod_access",
        "mod_alias",
        "mod_redirect",
#       "mod_rewrite",
        "mod_setenv",
        "mod_accesslog",
        "mod_openssl",
        "mod_compress",
#       "mod_dirlisting",
        "mod_staticfile",
#       "mod_fastcgi",          #used for php
        "mod_scgi",             #used for wsgi
)

server.document-root    = "/var/www/" 
server.upload-dirs      = ( "/var/cache/lighttpd/uploads" )
server.errorlog         = "/var/log/lighttpd/error.log" 
server.pid-file         = "/var/run/lighttpd.pid" 
server.username         = "www-data" 
server.groupname        = "www-data" 
server.port             = 80
server.tag              = "nginx" 
server.use-ipv6         = "disable" 
accesslog.filename      = "/var/log/lighttpd/access.log" 
accesslog.format        = "%t %V %h %b %s \"%r\" \"%{Referer}i\" \"%{User-Agent}i\"" 
index-file.names        = ("index.html")
url.access-deny         = ("~",".inc",".ht",".hta",".htaccess","robots.txt",".py")
static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )

# strict parsing and normalization of URL for consistency and security
# https://redmine.lighttpd.net/projects/lighttpd/wiki/Server_http-parseoptsDetails
# (might need to explicitly set "url-path-2f-decode" = "disable" 
#  if a specific application is encoding URLs inside url-path)
server.http-parseopts = (
        "header-strict"            => "enable",
        "host-strict"              => "enable",
        "host-normalize"           => "enable",
        "url-normalize"            => "enable",
        "url-normalize-unreserved" => "enable",
        "url-normalize-required"   => "enable",
        "url-ctrls-reject"         => "enable",
        "url-path-2f-decode"       => "enable",
        "url-path-dotseg-remove"   => "enable",
        "url-query-20-plus"        => "enable" 
)

# Caching & Compression
compress.cache-dir          = "/var/cache/lighttpd/compress/" 
compress.filetype           = ( "application/javascript", "text/css", "text/html", "text/plain", "image/svg+xml" )

# default listening port for IPv6 falls back to the IPv4 port
include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port
include_shell "/usr/share/lighttpd/create-mime.conf.pl" 
include "/etc/lighttpd/conf-enabled/*.conf" 

# Remove www prefix
$HTTP["host"] =~ "^www\.(.*)" {
        url.redirect = ( "^/(.*)" => "https://%1/$1" )
}
# Force TLS
$HTTP["scheme"] == "http" {
        $HTTP["host"] =~ ".*" {
                url.redirect = (".*" => "https://%0$0")
        }
}

# Virtual Hosts
# Refuse domainless access
$HTTP["host"] == "149.56.133.1" {
        $SERVER["socket"] == ":443" {
                ssl.engine = "enable" 
                ssl.pemfile = "/etc/lighttpd/ssl/ssl.pem" 
                ssl.ca-file = "/etc/lighttpd/ssl/ssl.crt" 
        }
        url.redirect = (".*" => "https://google.com/")
}
$HTTP["host"] =~ "YYY\.Y|www\.YYY\.Y" {
        server.document-root = "/var/www/YYY" 
        server.error-handler-404 = "/" 
        #SSL SETTINGS
        $SERVER["socket"] == ":443" {
                ssl.engine              = "enable" 
                ssl.ca-file             = "/etc/letsencrypt/live/YYY.Y/chain.pem" 
                ssl.pemfile             = "/etc/letsencrypt/live/YYY.Y/merged.pem" 
        }
}
$HTTP["host"] == "dev.YYY.ca" {
        server.document-root = "/var/www/dev" 
        #server.error-handler-404 = "/" 
        #SSL SETTINGS
        $SERVER["socket"] == ":443" {
                ssl.engine              = "enable" 
                ssl.ca-file             = "/etc/letsencrypt/live/YYY.Y/chain.pem" 
                ssl.pemfile             = "/etc/letsencrypt/live/YYY.Y/merged.pem" 
        }
}
$HTTP["host"] =~ "XXX\.X|www\.XXX\.X" {
        server.document-root = "/var/www/XXX" 
        server.error-handler-404 = "/" 
        #SSL SETTINGS
        $SERVER["socket"] == ":443" {
                ssl.engine              = "enable" 
                ssl.ca-file             = "/etc/letsencrypt/live/XXX.X/chain.pem" 
                ssl.pemfile             = "/etc/letsencrypt/live/XXX.X/merged.pem" 
        }
        $HTTP["url"] =~ "/apps|/apps/" {
                scgi.protocol = "uwsgi" 
                scgi.server = (
                        "/" => (( "host" => "127.0.0.1", "port" => 3031, "check-local" => "disable" )),
                )
        }
}

Also if you guys see anything I can do to improve my config please let me know as well.


Replies (3)

RE: For some reason lighttpd loads /index.html when visiting https://XXX.X/index.html/anyvalue - Added by gstrauss almost 4 years ago

static-file.disable-pathinfo = "enable" - do not handle as static file if path-info is present after file name

RE: For some reason lighttpd loads /index.html when visiting https://XXX.X/index.html/anyvalue - Added by TaylorP almost 4 years ago

Sorry so what should I add to my config to fix this issue, I added static-file.disable-pathinfo = "enable" but it didn't do anything.

    (1-3/3)