Bug 859799 - Server status can be overwritten by .htaccess file
Server status can be overwritten by .htaccess file
Product: OpenShift Origin
Classification: Red Hat
Component: Containers (Show other bugs)
Unspecified Unspecified
low Severity low
: ---
: ---
Assigned To: Rob Millner
libra bugs
Depends On:
  Show dependency treegraph
Reported: 2012-09-24 01:25 EDT by Jianwei Hou
Modified: 2015-05-14 18:59 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2012-11-16 15:36:48 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Jianwei Hou 2012-09-24 01:25:28 EDT
Description of problem:
A php/perl application's status can be overwritten by .htaccess file.

Version-Release number of selected component (if applicable):
On devenv_2215

How reproducible:

Steps to Reproduce:
1. Create a php/perl application
2. In app's repo, touch .htaccess file in the index folder.
   eg, for php cartridge
   touch php/.htaccess
3. Add followings to .htaccess and git push
RewriteEngine On
RewriteRule ^server-status$ - [R=404,L]
4. Check app's status from CLI, access app's website.
   rhc app status -a $appname
Actual results:
Result returned from CLI:

Application 'php1' is either stopped or inaccessible

But website is accessible, .htaccess has overwritten app's status

Expected results:
Message returned from CLI should show app is running.

Additional info:
This bug is separated from bug 838783. 
For python app, I can't reproduce.
Comment 1 Rob Millner 2012-09-27 15:39:16 EDT
There does not appear to be a way to prevent this in .htaccess without also just removing mod_rewrite.  Leaving open for comment for a few days to collect feedback but intending to close with the status of "cantfix".

Note You need to log in before you can comment on or make changes to this bug.