mod_rewrite LOOP [N] Flag
hello
regarding mod_rewrite i encountered a kind of big problem
the [N] flag does Next and if used wrong this ends in an endless LOOP and stuck httpd process eating all Memory and brings the server to stop responding
this ruleset killed my server - load went up 20+
i was able to ssh in and had to #kill -9 PID
is there any way to DEACTIVATE the [N] Flag in mod_rewrite ?
Running on:
Apache/2.2.29 (Unix)
cpu i7-3930K
64 GB RAM
[LIST]CENTOS 6.7 x86_64 standard " WHM 11.52.1 (build 3)
stuck httpd processes
nobody 16834 1.6 17.8 16503064 11689456 ? D 09:55 0:28 \_ /usr/local/apache/bin/httpd -k start
nobody 16835 1.8 29.1 24434928 19054612 ? D 09:55 0:31 \_ /usr/local/apache/bin/httpd -k start
nobody 17125 1.9 29.6 24547640 19390656 ? D 09:57 0:31 \_ /usr/local/apache/bin/httpd -k start
customers ruleset
RewriteRule ^index.htm /index.php [L]
RewriteRule ^impressum.htm /impressum.php [L]
RewriteRule ^show-route.htm /show-route.php [L]
RewriteRule ^delivery-charges.htm /delivery-charges.php [L]
RewriteRule ^terms-of-business.htm /terms-of-business.php [L]
RewriteRule ^links.htm /links.php [L]
RewriteRule ^sitemap.htm /sitemap.php [L]
RewriteRule ^productlist.htm /productlist.php [L]
RewriteRule ^shoppingcart.htm /shoppingcart.php [L]
RewriteRule ^userinfos.htm /userinfos.php [L]
RewriteRule ^orderinfos.htm /orderinfos.php [L]
RewriteRule ^send-order.htm /send-order.php [L]
RewriteRule ^order-confirmation.htm /order-confirmation.php [L]
RewriteRule ^vheader-(.*)-(.*).jpg /gen_image.php?text=$1&style=$2
RewriteRule ^print.htm /print-order.php [L]
RewriteRule ^(productlist)-([^/-]+)-([^/.-]+)([^/.]*)(\.html)?$ $1$4?$2=$3 [QSA,N]
RewriteRule ^productlist$ /productlist.php [L]
RewriteRule ^onlineshop /ssp_env.php [L]
RewriteRule (.*)\.html$ /shopitem.php?id=$1?$2=$3 [QSA,N]
-
and just 4 info - the apache RLimitMEM is not working - limits are set but the process just grows and grows in mem 0 -
is there any way to DEACTIVATE the [N] Flag in mod_rewrite ?
Hello :) Could you elaborate on this? For instance, what's the difference between deactivating it and simply removing it from your rules? Thank you.0 -
as it is now any customer who uses the rule can bring my server down. thats why i like to just remove the Flag N so no loop is possible. 0 -
It's not possible to disable this flag from the documentation I've reviewed. However, you could disable Mod_Rewrite for individual accounts that are utilizing rules which generate issues with Apache. Edit: Corrected Mod_Security to Mod_Rewrite Thank you. 0 -
It's not possible to disable this flag from the documentation I've reviewed. However, you could disable Mod_Security for individual accounts that are utilizing rules which generate issues with Apache. Thank you.
What does Mod_Security have to do with this? I can't see any reason to disable it in this scenario. Anyway, there is a redirect limit of 10 by default, more info on this can be found here: core - Apache HTTP Server Version 2.4 You could try lowering it but that really shouldn't be necessary.0 -
What does Mod_Security have to do with this? I can't see any reason to disable it in this scenario. Anyway, there is a redirect limit of 10 by default, more info on this can be found here: core - Apache HTTP Server Version 2.4 You could try lowering it but that really shouldn't be necessary.
I don't think this limit will apply for the situation described. In fact for Apache 2.2.x I'm 100% sure it doesn't work. The -N flag tells mod_rewrite to start from beginning parsing the .htaccess file, which it seems doesn't increment the internal redirect counter. The memory leak resulting from "bad used" -N flag is a "100 year problem". For me the most convenient way of fixing this "bad behaviour" is to manually patch Apache and disable/limit the option.0
Please sign in to leave a comment.
Comments
6 comments