[From nobody Mon Jul 27 15:49:17 2009 Received: (at 501354-done) by bugs.debian.org; 27 Jul 2009 15:39:31 +0000 X-Spam-Checker-Version: SpamAssassin 3.2.3-bugs.debian.org_2005_01_02 (2007-08-08) on rietz.debian.org X-Spam-Level: X-Spam-Bayes: score:0.0000 Tokens: new, 43; hammy, 105; neutral, 53; spammy, 1. spammytokens:0.993-1--rewrites hammytokens:0.000-+--H*c:protocol, 0.000-+--H*c:micalg, 0.000-+--H*c:signed, 0.000-+--H*c:application, 0.000-+--debconf X-Spam-Status: No, score=-4.8 required=4.0 tests=BAYES_00,FROMDEVELOPER, IMPRONONCABLE_1,MURPHY_WRONG_WORD2 autolearn=ham version=3.2.3-bugs.debian.org_2005_01_02 Return-path: <lamby@debian.org> Received: from chris-lamb.co.uk ([89.16.166.3]) by rietz.debian.org with esmtp (Exim 4.63) (envelope-from <lamby@debian.org>) id 1MVSIS-0001Hj-OC for 501354-done@bugs.debian.org; Mon, 27 Jul 2009 15:39:29 +0000 Received: from [194.224.98.149] (helo=happycat.chris-lamb.co.uk) by chris-lamb.co.uk with esmtpsa (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16) (Exim 4.69) (envelope-from <lamby@debian.org>) id 1MVSII-0004TH-3c; Mon, 27 Jul 2009 16:39:25 +0100 Date: Mon, 27 Jul 2009 17:39:11 +0200 From: Chris Lamb <lamby@debian.org> To: Olaf van der Spek <Olaf@XWIS.Net> Cc: 501354-done@bugs.debian.org Subject: Re: Regression in FastCGI path handling in 1.4.13-4etch11 security upload Message-ID: <20090727173911.280a6d80@happycat.chris-lamb.co.uk> In-Reply-To: <49861206.60308@XWIS.Net> References: <491EC908.6040409@XWIS.Net> <20081115132418.20366655@sakaki.chris-lamb.co.uk> <491ECE33.9040009@XWIS.Net> <20081115134548.0a90fae5@sakaki.chris-lamb.co.uk> <49861206.60308@XWIS.Net> X-Mailer: Claws Mail 3.7.2 (GTK+ 2.16.5; i486-pc-linux-gnu) Mime-Version: 1.0 Content-Type: multipart/signed; micalg=PGP-SHA1; boundary="Sig_/l1qSIbgZKOw/SV/H6q029Rw"; protocol="application/pgp-signature" --Sig_/l1qSIbgZKOw/SV/H6q029Rw Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable Olaf van der Spek wrote: > Don't forget... ;) >=20 > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=3D501354 Indeed; sorry about the delay here. I've had a poke at this during DebConf - somewhere along the line I realised that lighttpd was sending Django a URL of the form: /lamby.fcgi/lamby.fcgi/foo On a hunch, changing my rewrites to: "^/lamby.fcgi/.*$" =3D> "$0", "^/.*$" =3D> "lamby.fcgi$0", seems to have fixed the problem. Not sure why it would seemingly send a URL around url.rewrite-*once* twice, but hey. Regards, --=20 ,''`. : :' : Chris Lamb `. `'` lamby@debian.org `- --Sig_/l1qSIbgZKOw/SV/H6q029Rw Content-Type: application/pgp-signature; name=signature.asc Content-Disposition: attachment; filename=signature.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkptyh8ACgkQ5/8uW2NPmiB1sACffa7qZdbKQU7QBy1TuLSrGLrM KyoAn1Ejm8h9U14Z+CNAbKOdrnoFIGw0 =ieYi -----END PGP SIGNATURE----- --Sig_/l1qSIbgZKOw/SV/H6q029Rw-- ]