Jean-Frederic wrote:
On Sat, 2007-05-19 at 14:27 +0200, Rainer Jung wrote:
Hi,

now that we changed the default way how to forward URIs from mod_jk to Tomcat (mod_jk 1.2.23) because of a directory traversal issue, I want to propose a better long term solution.

What's the problem?
===================

I think we still miss something... The mapping (map_uri_to_worker) uses
r->uri. Should we use s->req_uri or a carefully normalised uri to do the
mapping? Fixing s->req_uri doesn't help to fix the mapping (where the
problem comes from).

Yes, the mapping uses r->uri, and it has to, because the mapping must go against a uudecoded normalized URI. But to be consistent with Tomcat's view of the URI, we should send a URI to Tomcat, which gets interpreted in the same way. My proposal is to send r->uri to Tomcat with encoded '%'. That way decoding by Tomcat should result in the same URI r->uri and since this one was already normalized by Apache, Tomcat normalization should not change it any more.

So fixing s->req_uri in my opinion does help to fix the mapping (which was correct!), because it prevents Tomcat from changing the URI in a wrong way.

Regards,

Rainer
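
The proposal in the reply above, sketched as an added example that is not part of the original e-mail and is not mod_jk or Tomcat code: it compares what a backend sees after one decoding pass when the already-decoded URI is forwarded as-is versus with '%' re-encoded. The function names and the sample URI are hypothetical, and the single decode pass is an assumed stand-in for the backend's URI handling.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* One pass of %XX decoding: an assumed stand-in for the backend's decoder. */
static void url_decode_once(const char *in, char *out, size_t outsz)
{
    size_t o = 0;
    while (*in && o + 1 < outsz) {
        if (in[0] == '%' && isxdigit((unsigned char)in[1]) && isxdigit((unsigned char)in[2])) {
            char hex[3] = { in[1], in[2], '\0' };
            out[o++] = (char)strtol(hex, NULL, 16);
            in += 3;
        } else {
            out[o++] = *in++;
        }
    }
    out[o] = '\0';
}

/* Re-encode only '%' as "%25" before the decoded URI goes on the wire. */
static void encode_percent(const char *in, char *out, size_t outsz)
{
    size_t o = 0;
    for (; *in && o + 4 < outsz; in++) {
        if (*in == '%') { memcpy(out + o, "%25", 3); o += 3; }
        else            { out[o++] = *in; }
    }
    out[o] = '\0';
}

/* Returns 1 if the backend's decoded view equals the URI used for mapping. */
static int backend_view_matches(const char *mapped_uri, int encode_first)
{
    char wire[256], seen[256];
    if (encode_first) encode_percent(mapped_uri, wire, sizeof wire);
    else              snprintf(wire, sizeof wire, "%s", mapped_uri);
    url_decode_once(wire, seen, sizeof seen);
    printf("%-12s wire=%-16s backend=%s\n", encode_first ? "encoded '%'" : "as-is", wire, seen);
    return strcmp(seen, mapped_uri) == 0;
}

int main(void)
{
    /* Constructed sample: the front end has already decoded the request once. */
    const char *r_uri = "/docs/a%41b";
    backend_view_matches(r_uri, 0);   /* backend decodes again: views diverge */
    backend_view_matches(r_uri, 1);   /* backend decode restores r_uri */
    return 0;
}
```

The same divergence applies to any escaped character that survives the first decode, which is why the mapping decision and the backend's view have to be derived from the same string.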
