2

I am sure I have goofed up somewhere in my configs. So this is what is happening.

My document root does not have any folder called "2". Yet, if I access, for example,

http://www.mostpopularsports.net/2/poll.php

or even some totally crazy url like:

http://www.mostpopularsports.net/2/poll.php/dsadsdsdsdsdsads

apache is serving content from

http://www.mostpopularsports.net/2.php (but, the image paths etc are all wrong as can be seen).

This has caused serious trouble as Google has indexed some crazy non-existent urls due to this problem (most likely it crawled when I might be changing something .. argh.. never develop live).

This is my .htaccess in the document root:

Options +FollowSymlinks
RewriteEngine on
rewritecond %{http_host} ^mostpopularsports.net [nc]
rewriterule ^(.*)$ http://www.mostpopularsports.net/$1 [r=301,nc]
Options -Indexes

And this is the apache virtual host config file inside sites-enabled:

<VirtualHost *:80>
 ServerAdmin ".........@mostpopularsports.net"
    ServerName mostpopularsports.net
    ServerAlias www.mostpopularsports.net
    CustomLog /var/log/apache2/mostpopularsports.net_access_log "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\""
    ErrorLog /var/log/apache2/mostpopularsports.net_error_log

    DocumentRoot "/var/www/domains/mostpopularsports.net"
    <Directory "/var/www/domains/mostpopularsports.net">
        Options +FollowSymLinks +MultiViews
         Options -Indexes
        Order allow,deny
        Allow from all
        AllowOverride All
    </Directory>

</VirtualHost>

I am stumped :(

  • Also, presently, I validated entire site using WDG HTML validator, and there is a single CSS error completely unrelated to the above problem. –  Nov 22 '10 at 18:22

2 Answers2

0

I suspect there is some rogue apache2 configuration somewhere that you are unaware of that is causing this. Check your main /etc/apache2/apache2.conf for any rewrite rules, and also check to see if /etc/apache2/mods-enabled/rewrite.conf exists.

Ben Lee
  • 52,489
  • 13
  • 125
  • 145
0

I'm posting this for the potential benefit of future visitors...

I ran into a similar problem today when working on a legacy site I inherited. I noticed that Apache was passing requests for https://www.example.com/index.php/foo/bar (where /index.php exists on the server but /index.php/foo/bar does not) to the index.php file in the root dir rather than returning a 404, as expected. The $_SERVER superglobal had $_SERVER['PHP_SELF'] = '/index.php/foo/bar which was leading to XSS vulnerabilities in scripts that contained <form method="POST" action="<?= $_SERVER['PHP_SELF']; ?>"> because you could include special HTML characters like single and double quotes in the URL path. After spending hours debugging Apache rewrite rules I stumbled across the AcceptPathInfo directive.

From the docs (https://httpd.apache.org/docs/2.4/mod/core.html#acceptpathinfo)

This directive controls whether requests that contain trailing pathname information that follows an actual filename (or non-existent file in an existing directory) will be accepted or rejected. The trailing pathname information can be made available to scripts in the PATH_INFO environment variable.

The default value for this Apache directive is AcceptPathInfo Default which leaves it up to the PHP handler to determine how to handle the trailing pathname info. I had to change it to AcceptPathInfo Off. After doing so, requests to the URL above return a 404.

Tim McLaughlin
  • 23
  • 4