chrisvmarle
04-10-2003, 09:56 PM
I'm running Win98 with Apache (+PHP4 module + perl +MySQL)
Lately I noticed the following:
the file wich is accessed by the URL http://localhost/index.php
is also accessable on http://localhost/index and also http://localhost/index/as/many/dirs/as/I/want
Has anyone any idea how this is possible? I'm afraid of security lags that's why I'm asking...
Thanks in advance
Mzzl, Chris
firepages
04-12-2003, 05:55 AM
Its the apache 'lookback' feature , which does not I think have a proper name as such ? anyway
Basically if apache can not find the file it is pointed at it will 'lookback' to the previous part of the url and see if indeed that is a file , so with
blah.com/index/no_existy
apache knows that no_existy does not exist so it goes back to index/ which also does not exist as a directory so it checks to see if index.html or index.htm (or whatever your text/html mimes are) to see if one of those exist , if it does it displays it.
its useful for search-engine friendly urls where you can use this 'feature' to pass info in the URL without using '?' and '&' etc
blah.com/index/var1/var2
if index.php exists index.php then has $_SERVER['PATH_INFO']; available which will contain the string '/var1/var2' which can then be used as required.
Off the top of my head I cant remember which module controls this behaviour though it is possible to disalble it via 'options' in .htaccess or httpd.conf
chrisvmarle
04-12-2003, 02:10 PM
Thanks for the advise :)
Esspecially the $_SERVER['PATH_INFO']; this answers a question of me (http://www.codingforums.com/showthread.php?s=&threadid=11314) that I asked a while ago... :D
Thank you
Mzzl, Chris
