Bug 859799

Summary: Server status can be overwritten by .htaccess file
Product: OKD
Reporter: Jianwei Hou <jhou>
Component: Containers
Assignee: Rob Millner <rmillner>
Status: CLOSED CANTFIX
QA Contact: libra bugs <libra-bugs>
Severity: low
Priority: low
Version: 2.x
CC: mfisher
Doc Type: Bug Fix
Last Closed: 2012-11-16 20:36:48 UTC
Type: Bug

Description Jianwei Hou 2012-09-24 05:25:28 UTC
Description of problem:
A php/perl application's status can be overwritten by .htaccess file.

Version-Release number of selected component (if applicable):
On devenv_2215

How reproducible:
Always

Steps to Reproduce:
1. Create a php/perl application
2. In app's repo, touch .htaccess file in the index folder.
   eg, for php cartridge
   touch php/.htaccess
3. Add the following to .htaccess and git push
   RewriteEngine On
   RewriteRule ^server-status$ - [R=404,L]
4. Check app's status from CLI, access app's website.
   rhc app status -a $appname
  
Actual results:
Result returned from CLI:

RESULT:
Application 'php1' is either stopped or inaccessible

But the website is accessible; .htaccess has overwritten the app's status.

Expected results:
Message returned from CLI should show app is running.

Additional info:
This bug is separated from bug 838783.
For a python app, I can't reproduce.

Comment 1 Rob Millner 2012-09-27 19:39:16 UTC
There does not appear to be a way to prevent this in .htaccess without also just removing mod_rewrite.  Leaving open for comment for a few days to collect feedback but intending to close with the status of "cantfix".
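
An added example, not part of the original report or of the OKD code base: a Python check that scans an application's .htaccess for RewriteRule patterns matching the status path, so an operator can tell why the CLI reports "stopped or inaccessible" while the site still answers. It assumes the status path is `server-status` as in the rule from the report, does not evaluate RewriteCond lines (so it can over-report), and the function names are hypothetical.

```python
import re

# Path taken from the rule in the report; per-directory rules match it without a leading slash.
STATUS_PATH = "server-status"

# Constructed sample: the .htaccess content given in the reproduction steps.
SAMPLE_HTACCESS = "RewriteEngine On\nRewriteRule ^server-status$ - [R=404,L]\n"

def logical_lines(text):
    """Yield directives with backslash continuations joined, skipping comments and blanks."""
    buf = ""
    for raw in text.splitlines():
        line = raw.rstrip()
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        line, buf = (buf + line).strip(), ""
        if line and not line.startswith("#"):
            yield line

def find_status_overrides(htaccess_text, path=STATUS_PATH):
    """Return the RewriteRule lines whose pattern matches the status path."""
    lines = list(logical_lines(htaccess_text))
    # The last RewriteEngine directive in the file decides whether rules run at all.
    engine = [l.split()[1].lower() for l in lines
              if l.lower().startswith("rewriteengine") and len(l.split()) > 1]
    if not engine or engine[-1] != "on":
        return []
    hits = []
    for line in lines:
        parts = line.split()
        if parts[0].lower() != "rewriterule" or len(parts) < 3:
            continue
        pattern = parts[1]
        negate = pattern.startswith("!")          # "!pattern" means "does not match"
        if negate:
            pattern = pattern[1:]
        flags = parts[3].lower() if len(parts) > 3 else ""
        nocase = re.search(r"[\[,](nc|nocase)[,\]]", flags) is not None
        try:
            rx = re.compile(pattern, re.IGNORECASE if nocase else 0)
        except re.error:
            continue  # PCRE syntax Python cannot parse: skip rather than guess
        if (rx.search(path) is not None) != negate:
            hits.append(line)
    return hits

if __name__ == "__main__":
    for rule in find_status_overrides(SAMPLE_HTACCESS):
        print("status path is rewritten by:", rule)
```

A catch-all rule such as a front-controller rewrite is also reported, since its pattern matches the status path as well; review each hit together with any RewriteCond lines that precede it.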