Uploaded image for project: 'phpBB'
  1. phpBB
  2. PHPBB-16907

"phpbb" value in "hiddenSegments" blocks client requests for extensions in IIS

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Major Major
    • 3.3.13-RC1
    • 3.3.5
    • Extensions
    • None
    • IIS 10, Windows Server 2019, PHP 7.3

      This block in web.config includes the "phpbb" segment:

       

              <security>
                  <requestFiltering>
                      <hiddenSegments>
                          <add segment="cache" />
                          <add segment="files" />
                          <add segment="includes" />
                          <add segment="store" />
                          <add segment="vendor" />
                          <add segment="config.php" />
                          <add segment="common.php" />
                          <add segment="phpbb" />
                      </hiddenSegments>
                  </requestFiltering>
              </security>

      Problem is that this apparently doesn't just apply to the root directory. It carries forward to sub-directories as well which is a problem for official phpBB extensions since the vendor folder is "phpbb". The end result is that client requests for .js, .css, and any image files under that directory come back with a 404 response from the server.

      An obvious/temporary fix is to remove that segment, but that would eliminate the whole reason of adding it in the first place. Not yet sure what the proper solution here is.

            Marc Marc
            DavidIQ David Colón
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: