Uploaded image for project: 'phpBB3'
  1. phpBB3
  2. PHPBB3-16907

"phpbb" value in "hiddenSegments" blocks client requests for extensions in IIS

    XMLWordPrintable

Details

    • Bug
    • Status: Open (View Workflow)
    • Major
    • Resolution: Unresolved
    • 3.3.5
    • None
    • Extensions
    • None
    • IIS 10, Windows Server 2019, PHP 7.3

    Description

      This block in web.config includes the "phpbb" segment:

       

              <security>
                  <requestFiltering>
                      <hiddenSegments>
                          <add segment="cache" />
                          <add segment="files" />
                          <add segment="includes" />
                          <add segment="store" />
                          <add segment="vendor" />
                          <add segment="config.php" />
                          <add segment="common.php" />
                          <add segment="phpbb" />
                      </hiddenSegments>
                  </requestFiltering>
              </security>

      Problem is that this apparently doesn't just apply to the root directory. It carries forward to sub-directories as well which is a problem for official phpBB extensions since the vendor folder is "phpbb". The end result is that client requests for .js, .css, and any image files under that directory come back with a 404 response from the server.

      An obvious/temporary fix is to remove that segment, but that would eliminate the whole reason of adding it in the first place. Not yet sure what the proper solution here is.

      Attachments

        Activity

          People

            Unassigned Unassigned
            DavidIQ David Colón
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated: