https://bz.apache.org/bugzilla/show_bug.cgi?id=69241
Bug ID: 69241
Summary: balancer URL mangled after rewrite in 2.4.62+
Product: Apache httpd-2
Version: 2.4.62
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P2
Component: mod_proxy_balancer
Assignee: [email protected]
Reporter: [email protected]
Target Milestone: ---
Given a simple RewriteRule of:
RewriteRule ^ http://10.0.0.1/?domain=%{HTTP_HOST} [P,END]
For a request with a Host: header of:
Host: unlikely-to-exist.com
..
The remote end sees:
"GET /?domain=unlikely-to-exist.com HTTP/1.1"
as expected. However, if the url is made a balancer:
<Proxy "balancer://forwarders">
BalancerMember "http://10.0.0.1:80"; retry=60
keepalive=On ttl=60 smax=3 max=10
BalancerMember "http://10.0.0.2:80"; retry=60
keepalive=On ttl=60 smax=3 max=10
BalancerMember "http://10.0.0.3:80"; retry=60
keepalive=On ttl=60 smax=3 max=10
ProxySet lbmethod=bybusyness timeout=3 failontimeout=On
</Proxy>
RewriteRule ^ balancer://members/?domain=%{HTTP_HOST} [P,END]
The remote end now sees:
"GET /%3Fdomain=unlikely-to-exist.com?domain=unlikely-to-exist.com HTTP/1.1"
which is obviously mangled, where it worked prior to 2.4.62. I understand there
are ongoing changes related to addressing %3F encoding security issues, but I
don't think this particular behaviour has been reported anywhere before.
Attempting to patch for, say, PR69197 does not improve matters, and a suggested
fix for PR69235 also breaks the non-balanced case.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
