This question about This website: Asked

Bram van Oosterhout

Hi All,

ApacheConfigGenerator rewrite pub to viewfile does not work

My system:
  • Linux version 4.15.0-124-generic (buildd@lgw01-amd64-027) (gcc version 7.5.0 (Ubuntu 7.5.0-3ubuntu1~18.04))
  • Foswiki 2.1.6
  • Apache 2.4

When I select the following on the Foswiki::Support::ApacheConfigGenerator

Apply Foswiki access controls to attachments by redirecting access to the viewfile script? Check to control attachment access

The config generator creates:
#
#  Protect attachments by rewriting to the "viewfile" script
#

#  Permit some safe exceptions to avoid viewfile overhead
#  Any gif/jpg/ico in /pub, and any files in /pub/System or any WebPreferences:
#  pass through unmodified
RewriteCond  %{REQUEST_URI} ^/+foswiki/pub/[^/]+\.(gif|jpe?g|ico)$  [NC,OR]
RewriteCond  %{REQUEST_URI} ^/+foswiki/pub/System/(.*)$  [OR]
RewriteCond  %{REQUEST_URI} ^/+foswiki/pub/([^/]+/)+WebPreferences/([^/]+)$
RewriteRule  ^/+foswiki/pub/.* - [L,PT]

# Optional - do not rewrite /pub/images if ImageGalleryPlugin is installed - path is incompatible with viewfile
#RewriteRule ^/+foswiki/+pub/+images/+.*$ - [L,PT]

# If it makes it here, rewrite as viewfile
RewriteRule ^/+foswiki/+pub/+(.*)$  /foswiki/bin/viewfile/$1 [L,PT]
It did not get the desired result. The pub URLs were not rewritten.

Tracing rewrite, I find the 3 RewriteCond are checked and then the pub/Sandbox/Topic/Attachment.txt url is passed through.

After reading the Apache Rewrite documentation I believe that is the correct behaviour since the L flag:
RewriteRule  ^/+foswiki/pub/.* - [L,PT]
stops all further rewriting. See; RewriteRule

With that understanding I changed the configuration to:
#
#  Protect attachments by rewriting to the "viewfile" script
#

#  Permit some safe exceptions to avoid viewfile overhead
#  Any gif/jpg/ico in /pub, and any files in /pub/System or any WebPreferences:
#  pass through unmodified
RewriteCond  %{REQUEST_URI} !^/+foswiki/pub/[^/]+\.(gif|jpe?g|ico)$  [NC,OR]   <<< Add ! Negate the match
RewriteCond  %{REQUEST_URI} !^/+foswiki/pub/System/(.*)$  [OR]                 <<< Add ! Negate the match
RewriteCond  %{REQUEST_URI} !^/+foswiki/pub/([^/]+/)+WebPreferences/([^/]+)$   <<< Add ! Negate the match
#RewriteRule  ^/+foswiki/pub/.* - [L,PT]                                       <<< Add # Removed

# Optional - do not rewrite /pub/images if ImageGalleryPlugin is installed - path is incompatible with viewfile
#RewriteRule ^/+foswiki/+pub/+images/+.*$ - [L,PT]

# If it makes it here, rewrite as viewfile
RewriteRule ^/+foswiki/+pub/+(.*)$  /foswiki/bin/viewfile/$1 [L,PT]

Which I read as:
  • Do NOT rewrite the URLs matching the RewriteCond
  • Rewrite all other /foswiki/pub references as /foswiki/bin/viewfile references.

Two questions:
  1. does my change break anything?
  2. is there a bug in the current ApacheConfigGenerator?

Thanks for your help

-- BramVanOosterhout - 07 Dec 2021

 

QuestionForm edit

Subject This website
Extension
Version Foswiki 2.1.6
Status Asked
Related Topics
Topic revision: r1 - 07 Dec 2021, BramVanOosterhout
The copyright of the content on this website is held by the contributing authors, except where stated elsewhere. See Copyright Statement. Creative Commons License    Legal Imprint    Privacy Policy