I stumbled upon an odd behaviour of Apache today: Apache2 (I did not check Apache1.3.x but I'm quite
sure it handles it the same way), thanks to mod_mime, defines 'extensions' as 'one extension of many'. That's why
the AddHandler directive treats a given extension as a string which has to exist anywhere(!) in
the filename. So for example

    AddHandler cgi-script wurst

will handle all files matching /^.*\.wurst.*$/i. At first I thought I must have made some
errors in the configuration, but a quick look at a fresh apache2 installation showed no difference in how it
handles the file extensions. A deeper search in Apache's Buglyzilla led to Bug #10768, which has been marked invalid as this is a feature, not a bug. Quote:

An "extension" in apache is any period-delimited part of the filename after the first period. So in one.two.three.four, all of two, three and four are extensions.

That's of course a whole other thing than I would usually think of; for example, Wikipedia says:

A filename extension is an extra set of (usually) alphanumeric characters that is appended to the end of a filename

That's why, if you have defined a filetype to be handled via AddHandler, you had better check uploaded files not only for valid extensions but their whole name for possible dots. Can't wait to check for PHP applications that only check uploads for a file ending matching «.php»..
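
The upload check suggested above, as an added example that is not part of the original post: it splits a name the way the quoted bug report defines extensions and rejects it if any part has a handler. The HANDLER_EXTENSIONS set and the sample names are assumptions; fill the set from your own AddHandler lines.

```python
import os

# Assumption: extensions that have a handler mapped in the server config.
# "wurst" and "cgi" come from the post; "php" stands in for a typical AddHandler line.
HANDLER_EXTENSIONS = {"wurst", "cgi", "php"}


def mime_extensions(filename):
    """Every period-delimited part after the first period, lower-cased
    (the definition quoted from the bug report)."""
    base = os.path.basename(filename.replace("\\", "/"))
    return [part.lower() for part in base.split(".")[1:] if part]


def ending_only_check(filename):
    """The insufficient check: reject only when the name ENDS in a handler extension."""
    lowered = filename.lower()
    return not any(lowered.endswith("." + ext) for ext in HANDLER_EXTENSIONS)


def every_part_check(filename):
    """Reject when any extension, in any position, has a handler."""
    return not any(ext in HANDLER_EXTENSIONS for ext in mime_extensions(filename))


def missed_by_ending_check(filenames):
    """Names the ending-only check accepts but the every-part check rejects."""
    return [n for n in filenames
            if ending_only_check(n) and not every_part_check(n)]


# Constructed sample upload names.
SAMPLES = ["photo.jpg", "report.final.pdf", "avatar.php.jpg",
           "notes.WURST.txt", "script.cgi", "archive.tar.gz"]

if __name__ == "__main__":
    for name in SAMPLES:
        print(f"{name:18} ending-only={ending_only_check(name)!s:5} "
              f"every-part={every_part_check(name)}")
    print("missed:", missed_by_ending_check(SAMPLES))
```
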
A workaround for only matching file extensions (as in 'ending') is to comment out that AddHandler line and replace it with:

    <Files ~ "\.cgi$">
        SetHandler cgi-script
    </Files>

(this will surely boost performance to the max ..)