...

The requested URL's path portion is divided into segments, and matching proceeds segment by segment: when a segment matches, it is discarded, processing descends into the matching element, and the same step is repeated against the next segment until no further match is found.

Warning: Question

Is the path matched in a case-insensitive manner? Can it be? What if the underlying web-server / file-system is case insensitive? When the request gets mapped into a filesystem resource, it could lead to an authorization bypass if an attacker changes the case of a request. (I would have added this as a comment, but comments appear to be disabled for me.) A similar concern would surround other normalisation concepts, such as Unicode normalization and potentially other special filenames (e.g. *.aux) on Windows.


Query Matching

Once the most-specific path match is identified (if any), the final step is to look for child <Query> elements to match against the decoded query string parameters. Absent such elements, the query string is NOT consulted during path matching and is ignored.
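The segment-by-segment descent and the final <Query> lookup, written out as an added example (illustrative code, not the project's own matcher). The node and rule names, the sample configuration, and the optional fold_case switch are assumptions; fold_case shows where a canonicalisation step would sit if the path must be compared the way a case-insensitive backing store will resolve it, which is the concern raised in the question above.

```python
from typing import Optional
from urllib.parse import parse_qs, unquote

class PathNode:
    """One configured path segment. children = deeper segments,
    queries = <Query>-style children (param, value, rule) checked last."""
    def __init__(self, segment: str, rule: Optional[str] = None) -> None:
        self.segment = segment
        self.rule = rule                      # rule attached to this segment, if any
        self.children: dict[str, "PathNode"] = {}
        self.queries: list[tuple[str, str, str]] = []

    def child(self, segment: str, rule: Optional[str] = None) -> "PathNode":
        return self.children.setdefault(segment, PathNode(segment, rule))

def match(root: PathNode, url_path: str, query: str,
          fold_case: bool = False) -> Optional[str]:
    """Descend while segments match; keep the rule of the deepest matching
    node, then consult that node's <Query> children against the decoded
    query parameters. Returns the applicable rule name (None = no rule)."""
    node, rule = root, root.rule
    for seg in (s for s in url_path.split("/") if s):
        seg = unquote(seg)                    # split first, decode each segment after
        table = node.children
        if fold_case:                         # assumed canonicalisation hook
            seg, table = seg.lower(), {k.lower(): v for k, v in table.items()}
        nxt = table.get(seg)
        if nxt is None:
            break                             # no further match: stop descending
        node = nxt
        if nxt.rule is not None:
            rule = nxt.rule
    params = parse_qs(query, keep_blank_values=True)
    for name, value, qrule in node.queries:
        if value in params.get(name, []):
            return qrule                      # query child overrides the path rule
    return rule

def demo_tree() -> PathNode:
    """Constructed sample configuration: /admin denied, /admin/public allowed,
    /reports with a <Query> child for format=csv."""
    root = PathNode("")
    root.child("admin", "deny").child("public", "allow")
    reports = root.child("reports", "reports-default")
    reports.queries.append(("format", "csv", "allow-export"))
    return root

if __name__ == "__main__":
    t = demo_tree()
    print(match(t, "/admin/users", ""), match(t, "/Admin/users", "", fold_case=True))
```

Note that "/Admin/users" returns no rule with fold_case=False but "deny" with fold_case=True: the matcher's notion of equality has to agree with the resource it ultimately protects.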

...