git.m6w6.name Git - m6w6/m6w6.github.io/blob - _posts/2007-05-03-apache-multiviews-are-evil.md

   1 ---
   2 title: Apache MultiViews are evil
   3 author: m6w6
   4 tags:
   5 - WTF
   6 - WEB
   7 ---
   8
   9 Suppose you've got a similar setup to:
  10
  11 ```apache
  12 RewriteEngine On
  13 RewriteBase /
  14
  15 RewriteCond %{REQUEST_FILENAME} -f [OR]
  16 RewriteCond %{REQUEST_FILENAME} -d
  17 RewriteRule .* - [QSA,L]
  18
  19 RewriteRule ^network/?(w+)?$ network.php?path=$1
  20 ```
  21
  22 Apache will expand e.g. "network/foo/bar" to "network.php/foo/bar" which won't
  23 be expanded to "network.php?f=" because it --of course-- exists (RewriteCond -f).
  24
  25 Evil! :)
  26