radiac.net

I seem to have a knack for finding obscure bugs. Mostly it's in places you'd expect, like Flash and ActionScript, or Perl modules from CPAN, but today I found one in Apache.

Essentially it comes down to this: you can't place canonical url mod_rewrite rules in a subdirectory.

So, if you haven't closed your browser after reading that:

1. You want a request handler in a subdirectory off your server root, /var/www/subdir, and because it's just your development server and you're after a quick hack, you copy your standard handler .htaccess in there
2. It has mod_rewrite redirect rules that map URLs without trailing slashes into URLs with trailing slashes, so http://foo/subdir becomes http://foo/subdir/
3. Now make a request for http://foo/subdir, with no trailing slash
4. Surprise! Your browser is now pointing at http://foo//var/www/subdir/

Looking at it with RewriteLog, the problem is that Apache sees the request for the directory and checks that directory for a .htaccess file, and finds your new one. Your per-dir root is therefore /var/www/subdir/, but your request is for /var/www/subdir; apache can't strip the per-dir from the start of the initial request as it would normally, since the request doesn't actually contain the full per-dir string.

It then thinks the uri is the absolute local file path instead of the relative remote path, so applies the pattern ^(.+[^/])$ to this incorrect uri. It then says "Hey, this /var/www/subdir doesn't have a trailing slash!", and issues a redirect to the server root plus the full local path, so your browser duly requests http://foo//var/www/subdir/. Still, at least it now has a trailing slash.

Arguably more of a mistake using a feature on my part, but anything that exposes the server structure like that sounds more like a bug to me. And this has been reported and patched as such. In 2.2. Debian, of course, is on 2.0. Hurrah!

The obvious work-around is to modify your rewrite rules to run from the root of your server, which you'd want to do in production anyway. This will therefore only cause problems for people who feel the need to track down and understand every bug and are not satisfied with the obvious fix that just works, and yet who are rather lazy to begin with. And who run out-of-date software.

And now I've said that, I'm not quite sure why I thought it would be of interest to you, my poor long-suffering readers. Still, I've written, so I shall post. Got to get my post count back up somehow - the average has been rather low this year.

I woke up one morning to find my Wii glowing. It was a message - Nintendo were telling me that they'd send me some free Wiimote covers. I said OK, and they arrived last week. They're quite good actually, especially for free. Shame they won't do the same with Mario Galaxy.

Then of course there was the Nokia BL5C battery recall, one of which was in my 6230i. I contacted them for a replacement, and they said they'd send me one.

It was around that time that my phone broke. I don't know what was wrong with it, but I took it back to t-mobile, who sent it away. They fixed it by replacing the 'motherboard' - by which they meant everything apart from the battery and the covers.

And now my replacement battery has arrived! So now all I need is a new cover for it, and I will have a brand new phone. For free. Right in time for me to trade up to a new model.

Still holding out for the new 8GB N95 - although there's no sign of it arriving on t-mobile. Almost tempted to move to Vodafone. Or get a lesser 3G model that would be a bit cheaper, like a Sony, or the plain N95 - that would be about a quarter of the price. Or just hold on to my 6230i until the new nokia touch screen phones start arriving next Christmas. Decisions decisions!

Ok, I must have missed the memo about this one, but this is cool. O'Reilly, for example. Well, as long as you're only after the first few pages of each chapter, otherwise you're back to googling for dodgy russian sites. But it's a start.

Have finally got round to installing the IE developer toolbar, and discovered the Fiddler HTTP debugger. This is going to help...