https://issues.apache.org/bugzilla/show_bug.cgi?id=52465
Bug #: 52465
Summary: mod_dir is allowed to redirect proxy requests
Product: Apache httpd-2
Version: 2.2.21
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: mod_rewrite
AssignedTo: [email protected]
ReportedBy: [email protected]
Classification: Unclassified
There exists a code path where, if you have a directory <docroot>/foo (or
similar aliased directory), and you do something like:
<Location /foo>
RewriteRule ^ http://some.other.server%{REQUEST_URI} [P]
</Location>
If you request /foo (no trailing slash), you go through your request phases, do
URI->filename translation, lookup the file (and find it exists), so you set
r->finfo up (particularly with r->finfo.filetype == APR_DIR) from the stat
call, and then you get to your fixups.
mod_rewrite does its fixup, rewriting r->filename to
proxy:http://some.other.server/foo, as it should, it then sets up r->handler to
be proxy_server, and sets r->proxyreq to be PROXY_REVERSE, as it should.
Unfortunately, r->finfo.filetype is still set, so when mod_dir comes to do
*its* fixups, it finds that the finfo.filetype is APR_DIR, it then finds that
the uri doesn't have a trailing slash, so it helpfully redirects to one that
does.
There are 2 possible fixes for this, and it might be worth applying both:
(1) mod_dir.c:dir_fixups(), at the beginning add something that checks for
r->proxyreq, r->filename and !strncmp(r->filename, "proxy:", 6), and returns
DECLINED.
(2) mod_rewrite.c:hook_fixup(), before the log line:
rewritelog((r, 1, dconf->directory, "go-ahead with proxy request "
"%s [OK]", r->filename));
add: r->finfo.filetype = APR_NOFILE;
Either, on its own, will sort out the problem, but there may be other ways to
get to either state, so it seems sensible to belt-and-braces...
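The hook interaction described in the report, as an added stand-alone C model (not httpd source and not the reporter's code). The struct, the constants and the function names rewrite_fixup, dir_fixup and run_fixups are simplified stand-ins assumed for illustration; the two flags switch on proposed fixes (1) and (2).

```c
/* Simplified model of the two fixup hooks; stand-ins only, not httpd code. */
#include <stdio.h>
#include <string.h>

enum { NOFILE = 0, DIR_TYPE = 2 };          /* stand-ins for APR_NOFILE / APR_DIR */
enum { DECLINED = -1, OK = 0, REDIRECT = 301 };

struct req {
    const char *uri;
    char filename[256];
    int filetype;                           /* models r->finfo.filetype */
    int proxyreq;                           /* models r->proxyreq, nonzero = reverse proxy */
};

/* Models mod_rewrite's fixup for a [P] rule; clear_finfo enables fix (2). */
static int rewrite_fixup(struct req *r, int clear_finfo) {
    snprintf(r->filename, sizeof r->filename,
             "proxy:http://some.other.server%s", r->uri);
    r->proxyreq = 1;
    if (clear_finfo) r->filetype = NOFILE;  /* drop the stale stat() result */
    return OK;
}

/* Models mod_dir's fixup, which runs afterwards; guard enables fix (1). */
static int dir_fixup(const struct req *r, int guard) {
    size_t n = strlen(r->uri);
    if (guard && r->proxyreq && strncmp(r->filename, "proxy:", 6) == 0)
        return DECLINED;                    /* proxied request: not mod_dir's business */
    if (r->filetype == DIR_TYPE && (n == 0 || r->uri[n - 1] != '/'))
        return REDIRECT;                    /* trailing-slash redirect */
    return DECLINED;
}

/* Request for uri where <docroot><uri> was stat()ed as a directory. */
static int run_fixups(const char *uri, int fix1, int fix2) {
    struct req r = { uri, "", DIR_TYPE, 0 };
    snprintf(r.filename, sizeof r.filename, "/docroot%s", uri);
    rewrite_fixup(&r, fix2);
    return dir_fixup(&r, fix1);
}

int main(void) {
    printf("unpatched:  %d\n", run_fixups("/foo", 0, 0));  /* redirect instead of proxy */
    printf("fix 1 only: %d\n", run_fixups("/foo", 1, 0));
    printf("fix 2 only: %d\n", run_fixups("/foo", 0, 1));
    printf("both fixes: %d\n", run_fixups("/foo", 1, 1));
    return 0;
}
```

The model omits the NULL check on r->filename that fix (1) includes, because filename is a fixed array here.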