Lines 3995-4001
static int apply_rewrite_rule(rewriterul
|
3995 |
* i.e. a list of rewrite rules |
3995 |
* i.e. a list of rewrite rules |
3996 |
*/ |
3996 |
*/ |
3997 |
static int apply_rewrite_list(request_rec *r, apr_array_header_t *rewriterules, |
3997 |
static int apply_rewrite_list(request_rec *r, apr_array_header_t *rewriterules, |
3998 |
char *perdir) |
3998 |
char *perdir, int *uricheck) |
3999 |
{ |
3999 |
{ |
4000 |
rewriterule_entry *entries; |
4000 |
rewriterule_entry *entries; |
4001 |
rewriterule_entry *p; |
4001 |
rewriterule_entry *p; |
Lines 4008-4013
static int apply_rewrite_list(request_re
|
4008 |
ctx = apr_palloc(r->pool, sizeof(*ctx)); |
4008 |
ctx = apr_palloc(r->pool, sizeof(*ctx)); |
4009 |
ctx->perdir = perdir; |
4009 |
ctx->perdir = perdir; |
4010 |
ctx->r = r; |
4010 |
ctx->r = r; |
|
|
4011 |
*uricheck=0; /* True if the URI should be made to pass extra checks */ |
4011 |
|
4012 |
|
4012 |
/* |
4013 |
/* |
4013 |
* Iterate over all existing rules |
4014 |
* Iterate over all existing rules |
Lines 4079-4084
static int apply_rewrite_list(request_re
|
4079 |
* last-rule and new-round flags. |
4080 |
* last-rule and new-round flags. |
4080 |
*/ |
4081 |
*/ |
4081 |
if (p->flags & (RULEFLAG_PROXY | RULEFLAG_LASTRULE)) { |
4082 |
if (p->flags & (RULEFLAG_PROXY | RULEFLAG_LASTRULE)) { |
|
|
4083 |
if (p->flags & RULEFLAG_PROXY) { |
4084 |
*uricheck=1; |
4085 |
} |
4082 |
break; |
4086 |
break; |
4083 |
} |
4087 |
} |
4084 |
|
4088 |
|
Lines 4240-4245
static int hook_uri2file(request_rec *r)
|
4240 |
const char *thisurl; |
4244 |
const char *thisurl; |
4241 |
unsigned int port; |
4245 |
unsigned int port; |
4242 |
int rulestatus; |
4246 |
int rulestatus; |
|
|
4247 |
int uricheck=0; /* True if the URI should be made to pass extra checks */ |
4243 |
|
4248 |
|
4244 |
/* |
4249 |
/* |
4245 |
* retrieve the config structures |
4250 |
* retrieve the config structures |
Lines 4267-4273
static int hook_uri2file(request_rec *r)
|
4267 |
} |
4272 |
} |
4268 |
|
4273 |
|
4269 |
if ((r->unparsed_uri[0] == '*' && r->unparsed_uri[1] == '\0') |
4274 |
if ((r->unparsed_uri[0] == '*' && r->unparsed_uri[1] == '\0') |
4270 |
|| !r->uri || r->uri[0] != '/') { |
4275 |
|| !r->uri ) { |
|
|
4276 |
rewritelog((r, 2, NULL, "uri %s is considered a security risk", |
4277 |
r->uri ? r->uri : "<null>")); |
4271 |
return DECLINED; |
4278 |
return DECLINED; |
4272 |
} |
4279 |
} |
4273 |
|
4280 |
|
Lines 4327-4333
static int hook_uri2file(request_rec *r)
|
4327 |
/* |
4334 |
/* |
4328 |
* now apply the rules ... |
4335 |
* now apply the rules ... |
4329 |
*/ |
4336 |
*/ |
4330 |
rulestatus = apply_rewrite_list(r, conf->rewriterules, NULL); |
4337 |
rulestatus = apply_rewrite_list(r, conf->rewriterules, NULL, |
|
|
4338 |
&uricheck); |
4331 |
apr_table_set(r->notes,"mod_rewrite_rewritten", |
4339 |
apr_table_set(r->notes,"mod_rewrite_rewritten", |
4332 |
apr_psprintf(r->pool,"%d",rulestatus)); |
4340 |
apr_psprintf(r->pool,"%d",rulestatus)); |
4333 |
} |
4341 |
} |
Lines 4363-4368
static int hook_uri2file(request_rec *r)
|
4363 |
return HTTP_FORBIDDEN; |
4371 |
return HTTP_FORBIDDEN; |
4364 |
} |
4372 |
} |
4365 |
|
4373 |
|
|
|
4374 |
/* If the rewrite involved PROXY, and the URI seems to risk |
4375 |
* causing an issue mentioned in CVE-2011-4317, then |
4376 |
* FORBID the request. Just disabling the related [P] rewriterule |
4377 |
* could cause a later rule to run with unexpected results. |
4378 |
* Only do the blocking if the executed last rule was PROXY |
4379 |
*/ |
4380 |
if (r->uri[0] != '/') { |
4381 |
if (strncmp(r->uri, "http://" , 7) != 0 && |
4382 |
strncmp(r->uri, "https://", 8 )!= 0 && |
4383 |
uricheck == 1) { |
4384 |
rewritelog((r, 2, NULL, |
4385 |
"uri %s is considered a proxy security risk", |
4386 |
r->uri ? r->uri : "<null>")); |
4387 |
return HTTP_FORBIDDEN; |
4388 |
} |
4389 |
} |
4390 |
|
4366 |
if (rulestatus == ACTION_NOESCAPE) { |
4391 |
if (rulestatus == ACTION_NOESCAPE) { |
4367 |
apr_table_setn(r->notes, "proxy-nocanon", "1"); |
4392 |
apr_table_setn(r->notes, "proxy-nocanon", "1"); |
4368 |
} |
4393 |
} |
Lines 4521-4526
static int hook_fixup(request_rec *r)
|
4521 |
int n; |
4546 |
int n; |
4522 |
char *ofilename; |
4547 |
char *ofilename; |
4523 |
int is_proxyreq; |
4548 |
int is_proxyreq; |
|
|
4549 |
int uricheck=0; /* True if the URI should be made to pass extra checks */ |
4550 |
|
4524 |
|
4551 |
|
4525 |
dconf = (rewrite_perdir_conf *)ap_get_module_config(r->per_dir_config, |
4552 |
dconf = (rewrite_perdir_conf *)ap_get_module_config(r->per_dir_config, |
4526 |
&rewrite_module); |
4553 |
&rewrite_module); |
Lines 4595-4601
static int hook_fixup(request_rec *r)
|
4595 |
/* |
4622 |
/* |
4596 |
* now apply the rules ... |
4623 |
* now apply the rules ... |
4597 |
*/ |
4624 |
*/ |
4598 |
rulestatus = apply_rewrite_list(r, dconf->rewriterules, dconf->directory); |
4625 |
rulestatus = apply_rewrite_list(r, dconf->rewriterules, dconf->directory, |
|
|
4626 |
&uricheck); |
4599 |
if (rulestatus) { |
4627 |
if (rulestatus) { |
4600 |
unsigned skip; |
4628 |
unsigned skip; |
4601 |
|
4629 |
|
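Review bot: In hook_uri2file the early guard (new lines 4274-4275) no longer declines a request whose `r->uri` does not start with '/', so such URIs now reach the whole rule set and are rejected afterwards only when `uricheck == 1`, which apply_rewrite_list sets only when the list stops on a [P] rule. Rules without [P] therefore run on inputs the old guard kept away from them; if the aim is only to let absolute http/https request URIs through (inferred from the later `strncmp` tests), the test belongs in the guard itself: `|| !r->uri || (r->uri[0] != '/' && strncmp(r->uri, "http://", 7) != 0 && strncmp(r->uri, "https://", 8) != 0)) {`. hook_fixup also passes `&uricheck`, but none of the visible hunks reads it there, so per-directory [P] rules appear to get no equivalent check. The `r->uri ? r->uri : "<null>"` in the new HTTP_FORBIDDEN branch is dead code, because `r->uri[0]` is already dereferenced at the top of that same block. All three function bodies continue outside the hunks shown, so these points should be confirmed against the full file.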