|
Lines 3995-4001
static int apply_rewrite_rule(rewriterul
Link Here
|
| 3995 |
* i.e. a list of rewrite rules |
3995 |
* i.e. a list of rewrite rules |
| 3996 |
*/ |
3996 |
*/ |
| 3997 |
static int apply_rewrite_list(request_rec *r, apr_array_header_t *rewriterules, |
3997 |
static int apply_rewrite_list(request_rec *r, apr_array_header_t *rewriterules, |
| 3998 |
char *perdir) |
3998 |
char *perdir, int *uricheck) |
| 3999 |
{ |
3999 |
{ |
| 4000 |
rewriterule_entry *entries; |
4000 |
rewriterule_entry *entries; |
| 4001 |
rewriterule_entry *p; |
4001 |
rewriterule_entry *p; |
|
Lines 4008-4013
static int apply_rewrite_list(request_re
Link Here
|
| 4008 |
ctx = apr_palloc(r->pool, sizeof(*ctx)); |
4008 |
ctx = apr_palloc(r->pool, sizeof(*ctx)); |
| 4009 |
ctx->perdir = perdir; |
4009 |
ctx->perdir = perdir; |
| 4010 |
ctx->r = r; |
4010 |
ctx->r = r; |
|
|
4011 |
*uricheck=0; /* True if the URI should be made to pass extra checks */ |
| 4011 |
|
4012 |
|
| 4012 |
/* |
4013 |
/* |
| 4013 |
* Iterate over all existing rules |
4014 |
* Iterate over all existing rules |
|
Lines 4079-4084
static int apply_rewrite_list(request_re
Link Here
|
| 4079 |
* last-rule and new-round flags. |
4080 |
* last-rule and new-round flags. |
| 4080 |
*/ |
4081 |
*/ |
| 4081 |
if (p->flags & (RULEFLAG_PROXY | RULEFLAG_LASTRULE)) { |
4082 |
if (p->flags & (RULEFLAG_PROXY | RULEFLAG_LASTRULE)) { |
|
|
4083 |
if (p->flags & RULEFLAG_PROXY) { |
| 4084 |
*uricheck=1; |
| 4085 |
} |
| 4082 |
break; |
4086 |
break; |
| 4083 |
} |
4087 |
} |
| 4084 |
|
4088 |
|
|
Lines 4240-4245
static int hook_uri2file(request_rec *r)
Link Here
|
| 4240 |
const char *thisurl; |
4244 |
const char *thisurl; |
| 4241 |
unsigned int port; |
4245 |
unsigned int port; |
| 4242 |
int rulestatus; |
4246 |
int rulestatus; |
|
|
4247 |
int uricheck=0; /* True if the URI should be made to pass extra checks */ |
| 4243 |
|
4248 |
|
| 4244 |
/* |
4249 |
/* |
| 4245 |
* retrieve the config structures |
4250 |
* retrieve the config structures |
|
Lines 4267-4273
static int hook_uri2file(request_rec *r)
Link Here
|
| 4267 |
} |
4272 |
} |
| 4268 |
|
4273 |
|
| 4269 |
if ((r->unparsed_uri[0] == '*' && r->unparsed_uri[1] == '\0') |
4274 |
if ((r->unparsed_uri[0] == '*' && r->unparsed_uri[1] == '\0') |
| 4270 |
|| !r->uri || r->uri[0] != '/') { |
4275 |
|| !r->uri ) { |
|
|
4276 |
rewritelog((r, 2, NULL, "uri %s is considered a security risk", |
| 4277 |
r->uri ? r->uri : "<null>")); |
| 4271 |
return DECLINED; |
4278 |
return DECLINED; |
| 4272 |
} |
4279 |
} |
| 4273 |
|
4280 |
|
|
Lines 4327-4333
static int hook_uri2file(request_rec *r)
Link Here
|
| 4327 |
/* |
4334 |
/* |
| 4328 |
* now apply the rules ... |
4335 |
* now apply the rules ... |
| 4329 |
*/ |
4336 |
*/ |
| 4330 |
rulestatus = apply_rewrite_list(r, conf->rewriterules, NULL); |
4337 |
rulestatus = apply_rewrite_list(r, conf->rewriterules, NULL, |
|
|
4338 |
&uricheck); |
| 4331 |
apr_table_set(r->notes,"mod_rewrite_rewritten", |
4339 |
apr_table_set(r->notes,"mod_rewrite_rewritten", |
| 4332 |
apr_psprintf(r->pool,"%d",rulestatus)); |
4340 |
apr_psprintf(r->pool,"%d",rulestatus)); |
| 4333 |
} |
4341 |
} |
|
Lines 4363-4368
static int hook_uri2file(request_rec *r)
Link Here
|
| 4363 |
return HTTP_FORBIDDEN; |
4371 |
return HTTP_FORBIDDEN; |
| 4364 |
} |
4372 |
} |
| 4365 |
|
4373 |
|
|
|
4374 |
/* If the rewrite involved PROXY, and the URI seems to risk |
| 4375 |
* causing an issue mentioned in CVE-2011-4317, then |
| 4376 |
* FORBID the request. Just disabling the related [P] rewriterule |
| 4377 |
* could cause a later rule to run with unexpected results. |
| 4378 |
* Only do the blocking if the executed last rule was PROXY |
| 4379 |
*/ |
| 4380 |
if (r->uri[0] != '/') { |
| 4381 |
if (strncmp(r->uri, "http://" , 7) != 0 && |
| 4382 |
strncmp(r->uri, "https://", 8 )!= 0 && |
| 4383 |
uricheck == 1) { |
| 4384 |
rewritelog((r, 2, NULL, |
| 4385 |
"uri %s is considered a proxy security risk", |
| 4386 |
r->uri ? r->uri : "<null>")); |
| 4387 |
return HTTP_FORBIDDEN; |
| 4388 |
} |
| 4389 |
} |
| 4390 |
|
| 4366 |
if (rulestatus == ACTION_NOESCAPE) { |
4391 |
if (rulestatus == ACTION_NOESCAPE) { |
| 4367 |
apr_table_setn(r->notes, "proxy-nocanon", "1"); |
4392 |
apr_table_setn(r->notes, "proxy-nocanon", "1"); |
| 4368 |
} |
4393 |
} |
|
Lines 4521-4526
static int hook_fixup(request_rec *r)
Link Here
|
| 4521 |
int n; |
4546 |
int n; |
| 4522 |
char *ofilename; |
4547 |
char *ofilename; |
| 4523 |
int is_proxyreq; |
4548 |
int is_proxyreq; |
|
|
4549 |
int uricheck=0; /* True if the URI should be made to pass extra checks */ |
| 4550 |
|
| 4524 |
|
4551 |
|
| 4525 |
dconf = (rewrite_perdir_conf *)ap_get_module_config(r->per_dir_config, |
4552 |
dconf = (rewrite_perdir_conf *)ap_get_module_config(r->per_dir_config, |
| 4526 |
&rewrite_module); |
4553 |
&rewrite_module); |
|
Lines 4595-4601
static int hook_fixup(request_rec *r)
Link Here
|
| 4595 |
/* |
4622 |
/* |
| 4596 |
* now apply the rules ... |
4623 |
* now apply the rules ... |
| 4597 |
*/ |
4624 |
*/ |
| 4598 |
rulestatus = apply_rewrite_list(r, dconf->rewriterules, dconf->directory); |
4625 |
rulestatus = apply_rewrite_list(r, dconf->rewriterules, dconf->directory, |
|
|
4626 |
&uricheck); |
| 4599 |
if (rulestatus) { |
4627 |
if (rulestatus) { |
| 4600 |
unsigned skip; |
4628 |
unsigned skip; |
| 4601 |
|
4629 |
|