Why does the Passenger/mod_rails documentation ask me to explicitly disable MultiViews?
Question
From the documentation :
<VirtualHost *:80>
ServerName www.mycook.com
DocumentRoot /webapps/mycook/public
<Directory /webapps/mycook/public>
Allow from all
Options -MultiViews
</Directory>
</VirtualHost>
So why the following line?
Options -MultiViews
I understand, coarsely, how MultiViews works, and frankly, I don't understand why anybody would use it. Nevertheless, I don't see why the Passenger configuration guide sees it as so important to explicitly disable the option in the site configuration.
Can anyone shed light on the situation?
1 answers
solution1
0 ACCPTED 2011-01-23 15:58:35
I am not familiar with Rails, but in general, MultiViews enabled can lead to funny behaviour in certain situations - most commonly, it can end up serving a page when an incorrect URL is entered, instead of returning a 404 as it should.
Here is a blog post on another subtle possible problem with MultiViews.
This GoDaddy blog entry points out another problematic consequence:
Script files are of particular concern. Say you have an old version of a script.pl file that you copy to script.pl.bak for backup purposes. A request for script.pl.bak will still be interpreted by Apache as a Perl script, causing the old version of your code to be executed! One can imagine other instances where a script file may be executed unintentionally because of this behavior by Apache.
Bottom line, Multiviews are fine for collections of static HTML pages, but not really a good thing to have in an environment with rewritten URLs.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.