On Sat, Mar 24, 2012 at 7:31 AM, Rainer Jung <rainer.j...@kippdata.de> wrote: > On 24.03.2012 07:02, Kaspar Brand wrote: >> >> On 23.03.2012 18:11, Rainer Jung wrote: >>> >>> It should be RewriteRule not RewriteMap in my previous mail. I >>> simplified the config to a single RewriteRule but forgot to adjst >>> subject and intro of my mail. The problem remains the same. >> >> >> Doesn't that ring a bell - namely the one of PR 52774? > > > Thanks Kaspar, yes that's the same issue. Sorry for not having remembered or > searched that one. > > I expect the same problem for trunk, but will check it. > > I need to review the argumentation for the final variant of the > CVE-2011-4317 fix but IMHO the current behavior is broken.
The primary reasoning was that it lets the long-standing fallback logic in core fail the request if necessary, letting modules decide what they could handle. Subsequently it was determined that the error path in the initial 3368 fix didn't work for HTTP 0.9 in some levels of code (2.0 IIRC) and just managed to work in 2.2. But yes, this forward proxy situation needs to be supported. The check added to mod_rewrite to skip things it didn't know how to handle was not correct. After a cursory skim of the code, it seems that RewriteRule could conceivably be used on anything that gets in r->uri or r->filename, but that generality, hopefully unintentional, was part of the original problem.
