Slash in URL causes endless loop

Fix it!!

Slash in URL causes endless loop

Postby mmoench » Fri Nov 07, 2008 4:11 am

Hi, I'm using the following rule with apache 2.2.9:
RewriteRule ^([0-9]+_[^\-]+)\-([^\-]+).*\.html$ $1.html?tag=$2 [N]

An URL like "1_a-a/1_a-a.html" is correctly rewritten to "1_a.html?tag=a/1_a"
and I would expect that the rewriter quits after this because the new URL does
not match the Rewrite-Rule but it does not. The rewriter gets stuck in an
endless loop and starts eating up memory which eventually leads to a server crash:

rewrite '1_a-a/1_a-a.html' -> '1_a.html?tag=a/1_a'
rewrite '1_a.html/1_a-a.html' -> '1_a.html/1_a.html?tag=a'
rewrite '1_a.html/1_a.html/1_a-a.html' -> '1_a.html/1_a.html/1_a.html?tag=a'
rewrite '1_a.html/1_a.html/1_a.html/1_a-a.html' -> '1_a.html/1_a.html/1_a.html/1_a.html?tag=a'
rewrite '1_a.html/1_a.html/1_a.html/1_a.html/1_a-a.html' -> '1_a.html/1_a.html/1_a.html/1_a.html/1_a.html?tag=a'

The Bugzilla staff told me that this is a configuration issue and not a bug. So what am I supposed to do here? Mod_rewrite does not care about "RewriteOptions MaxRedirects" or "LimitInternalRecursion". And I don't really know what kind of URLs people are sending to my server. So how to avoid endless loops like this?
The solution I'm currently using to avoid frequent server crashes (the alexa-bot keeps trying URLs which crash my server every night) is to kill all apache-processes using > 400MB of memory via a perl script running in the background. But this is not very satisfying...
Posts: 1
Joined: Fri Nov 07, 2008 4:00 am

Postby richardk » Fri Nov 07, 2008 11:52 am

What is your full mod_rewrite?

Code: Select all
Options +FollowSymLinks

RewriteEngine On

RewriteRule ^([0-9]+_[^\-]+)\-([^\-]+).*\.html$ /$1.html?tag=$2 [QSA,L]
Posts: 8800
Joined: Wed Dec 21, 2005 7:50 am

Return to Security with Mod_Rewrite

Who is online

Users browsing this forum: No registered users and 1 guest