Mobile app version of vmapp.org
Login or Join
Nimeshi995

: Apache 2.4 Loads Image Files Even Without Extension. Why? I have an HTML page with the following: <img src=J3 width="100" height="150" alt="Student Name" style="float:left;"/> In the same

@Nimeshi995

Posted in: #Apache #FileExtension #Images #Url

I have an HTML page with the following:

<img src=J3 width="100" height="150" alt="Student Name" style="float:left;"/>


In the same directory there is an image file, J3.jpg. The page containing the above image element successfully loads the image file, and I cannot figure out why. (I know the src= attribute is mangled; I am a college teacher and this is student work.)

Each student's work in in /home/userid/public_html. Here is the relevant section of /etc/httpd/conf/httpd.conf:

<Directory /home/*/public_html>
AllowOverride FileInfo AuthConfig Limit
Options SymLinksIfOwnerMatch IncludesNoExec
<Limit GET POST OPTIONS>
Order allow,deny
Allow from all
</Limit>
<LimitExcept GET POST OPTIONS>
Order deny,allow
Deny from all
</LimitExcept>
</Directory>


A search for MultiViews in httpd.conf finds only two comment lines, so MultiViews aren't enabled anyplace else. There is no mod_rewrite in the configuration file.

There is an .htaccess file in each student's directory. No MultiViews there, either, but for completeness, here is the one in question:

AuthType Basic
AuthName "Password Required"
Satisfy any
Deny from all
AuthUserFile /etc/httpd/users
AuthGroupFile /etc/httpd/groups
Require user [redacted]
Require group professors


My goal is to change httpd.conf so that the above no longer works and then tell students to do it right.

There was a MultiViews in the above directory section. I removed it and restarted httpd before posting here. I have checked /var/log/messages to be absolutely, positively sure that the HTTP daemon was restarted successfully.

If I copy the contents of the student's public_html directory to a directory under the server root, specifically /var/www/html/2015_02/student/ the picture does not display, so it is something about either that student's directory or the way all the student directories are set up in the configuration above. The test below rules out a problem with that particular directory.

I built a fake student directory, /home/bbrown/public_html/ and placed a jpeg in it. I can display it without the .jpg extension, e.g. weblab.spsu.edu/~bbrown/bbrown_quad_175 and the URL remains unchanged, without the extension. Something is wrong with the configuration, possibly in the <Directory /home/*/public_html> section above. This was all after removing MultiViews and restarting, so there is no possibility the image was cached and served from cache.

10.01% popularity Vote Up Vote Down


Login to follow query

More posts by @Nimeshi995

1 Comments

Sorted by latest first Latest Oldest Best

 

@Heady270

This feature of Apache is known as "MultiViews" and it is handled by the content negotiation module:


...if /some/dir has MultiViews enabled, and /some/dir/foo does not exist, then the server reads the directory looking for files named foo.*, and effectively fakes up a type map which names all those files, assigning them the same media types and content-encodings it would have if the client had asked for one of them by name. It then chooses the best match to the client's requirements.


It can be disabled with the configuration Options -MultiViews as described in this question from ServerFault: apache multiviews, how to disable it.

The MultiViews option can appear in the main httpd.conf file, in a .htaccess file, or in files included with an Include directive, such as those in /etc/httpd/conf.d. Just checking the main configuration file is not enough.

10% popularity Vote Up Vote Down


Back to top | Use Dark Theme