https://bz.apache.org/bugzilla/show_bug.cgi?id=65616
--- Comment #1 from Yann Ylavic <ylavic....@gmail.com> --- > > ProxyPass /uwsgi-pp uwsgi://localhost:8001/ The double '/' comes from the above, and could be avoided by using: ProxyPass /uwsgi-pp uwsgi://localhost:8001 or: ProxyPass /uwsgi-pp/ uwsgi://localhost:8001/ Using one or the other depends on whether you want e.g."/uwsgi-ppfoo" to be passed too or not (whereas "/uwsgi-pp/foo" will be passed by both). > ProxyPass /uwsgi-pps/ uwsgi://localhost:8001/ This one looks good. > ProxyPassMatch ^/admin uwsgi://localhost:8001/ Same here: ProxyPassMatch ^/admin uwsgi://localhost:8001 or: ProxyPassMatch ^/(admin/.*) uwsgi://localhost:8001/$1 > > I can dedicate time to work on a patch, if you have a test case for > CVE-2021-36160 (to ensure the vulnerability stay fixed). CVE-2021-36160 is actually fixed by r1892874, though depending on the playload it might have crashed here (we don't disclose exploits so there is no known test case). Pointing u_path_info (PATH_INFO) to the right most leading '/' to fix your issue is an option, if you want to address it at the code level (rather than in your configuration). -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org
