Bug #3283
closedUnexpected path resolution for invalid path
Description
When testing the server, we expected a 404 Not Found response for a request resembling dir/dir/file_name/file_name, but instead received a 200 response with the contents of the file at file_name. The same error occurs when the path is dir/dir/file_name/dir. It appears the full URI is not being resolved, and that resolution is stopping as soon as a valid file is found.
Steps to reproduce
h2. File system:
B/
B/b
B/b/a.txt¶
mkdir B
cd B
mkdir b
cd b
echo "B/b/a.txt" > a.txt
Commands:
curl -v "http://localhost:8082/B/b/a.txt/a.txt"
curl -v "http://localhost:8082/B/b/a.txt/a.txt"
Response:
* Connected to localhost (::1) port 8082
> GET /B/b/a.txt/b.txt HTTP/1.1
> Host: localhost:8082
> User-Agent: curl/8.4.0
> Accept: */*
>
< HTTP/1.1 200 OK
< Content-Type: text/plain;charset=utf-8
< ETag: "3927064950"
< Last-Modified: Wed, 05 Mar 2025 23:50:35 GMT
< Content-Length: 10
< Accept-Ranges: bytes
< Date: Wed, 14 May 2025 03:51:54 GMT
< Server: lighttpd/1.4.69
<
B/b/a.txt
* Connected to localhost (::1) port 8082
> GET /B/b/a.txt/b.txt HTTP/1.1
> Host: localhost:8082
> User-Agent: curl/8.4.0
> Accept: */*
>
< HTTP/1.1 200 OK
< Content-Type: text/plain;charset=utf-8
< ETag: "3927064950"
< Last-Modified: Wed, 05 Mar 2025 23:50:35 GMT
< Content-Length: 10
< Accept-Ranges: bytes
< Date: Wed, 14 May 2025 03:51:54 GMT
< Server: lighttpd/1.4.69
<
B/b/a.txt
Updated by gstrauss 3 days ago
- Status changed from New to Invalid
- Priority changed from Normal to Low
- Target version deleted (
1.4.xx)
Please use your favorite search engine to look up "HTTP and PATH_INFO"
PATH_INFO can be disabled for static files with lighttpd.conf static-file.disable-pathinfo = 1, or PATH_INFO can be disabled globally in the server with lighttpd.conf server.feature-flags += ("server.http-pathinfo" => "disable")
mod_staticfile
server.feature-flags
Updated by gstrauss 2 days ago
If you are new to web servers, please post questions in the lighttpd forums instead of polluting the issue tracker:
https://redmine.lighttpd.net/projects/lighttpd/boards/2
lighttpd has its own tests in the source tree under
https://git.lighttpd.net/lighttpd/lighttpd1.4/src/branch/master/src/t/
and
https://git.lighttpd.net/lighttpd/lighttpd1.4/src/branch/master/tests/
Also available in: Atom