Commit 8205c82b authored by Gregg Lewis Smith's avatar Gregg Lewis Smith

Send a 404 response like other OSs do instead of 403 on Windows when

a path segment or file requested uses a reserved word so Windows
cannot be fingerprinted. PR55887


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1799731 13f79535-47bb-0310-9956-ffa450edef68
parent 57ede606
+4 −0
                                                         -*- coding: utf-8 -*-
Changes with Apache 2.5.0

  *) core: Send a 404 response like other OSs do instead of 403 on Windows
     when a path segment or file requested uses a reserved word so Windows
     cannot be fingerprinted. PR55887 [Gregg Smith]

  *) mod_rewrite: Add 'RewriteOptions LongURLOptimization' to free memory
     from each set of unmatched rewrite conditions.
     [Eric Covener]
+15 −0
@@ -1211,10 +1211,25 @@ AP_DECLARE(int) ap_directory_walk(request_rec *r)
                break;
            }
            else if (thisinfo.filetype != APR_DIR) {
#ifdef _WIN32
                ap_regex_t *preg;
#endif
                ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(00038)
                              "Forbidden: %s doesn't point to "
                              "a file or directory",
                              r->filename);
#ifdef _WIN32
                /* Windows has a number of reserved words that cannot be used
                 * as a file or directory name so thisinfo.filetype will
                 * always be != APR_DIR. Don't allow us be fingerprinted with
                 * a 403 and instead send a 404 like other OSs would. PR55887
                 */
                preg = ap_pregcomp(r->pool,
					               "/(aux|con|com[1-9]|lpt[1-9]|nul|prn)"
					               "($|/|.)", AP_REG_EXTENDED | AP_REG_ICASE);
                if (ap_regexec(preg, r->uri, 0, NULL, 0) == 0)
                    return r->status = HTTP_NOT_FOUND;
#endif
                return r->status = HTTP_FORBIDDEN;
            }
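Review bot: The `.` in the last group of the pattern, `"($|/|.)"`, is unescaped, so it matches any character and the test succeeds for any URI segment that merely begins with a reserved word (`/console`, `/null`, `/printing`), not only for `con`, `con.txt` or `con/`; if only the device names are meant, write `"($|/|\\.)"`. The match is made against `r->uri` while the lookup that failed was on `r->filename`, so where the two differ (an alias or rewrite, presumably) the regex may not see the segment that caused the failure; that is worth confirming. The `ap_log_rerror` call above the new block still logs "Forbidden: ..." at APLOG_ERR on the path that now returns 404, so the error log and the response status disagree for anyone correlating them; a separate message for the 404 path, or at least a comment saying the mismatch is intended, would help. ap_directory_walk starts and ends outside this hunk.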