Summary: | mod_proxy alters URIs when acting as a reverse proxy | ||
---|---|---|---|
Product: | Apache httpd-2 | Reporter: | Phil Gregory <phil_g> |
Component: | mod_proxy | Assignee: | Apache HTTPD Bugs Mailing List <bugs> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | drich, joshua.hirsh, kreucher, S.masfoq, sas_gorlenko |
Priority: | P3 | ||
Version: | 2.0.43 | ||
Target Milestone: | --- | ||
Hardware: | PC | ||
OS: | Linux |
Description
Phil Gregory
2002-12-10 01:58:06 UTC
A reverse proxy doesn't need to be transparent. It may be as well a caching proxy, that approached the backend server only if it doens't have a fresh copy of the requested object. There fore, it MAY alter the URL. However, there is a bug in this alteration: In the reverse proxy case, unescaping is done twice. In the first unesacping, the core does this for any non-proxy request. However, this is done before reverse proxy requests are identified by matching the URL with ProxyPass directives. Therefore, the second unescaping, in the function ap_proxy_canonenc in proxy_util.c, should be done only for a standard proxy, and not for a reverse proxy, and the line if (isenc && ch == '%') { (proxy_util.c:206 in httpd_2.0.45) should be replaced by if (isenc == PROXYREQ_PROXY && ch == '%') { *** Bug 24873 has been marked as a duplicate of this bug. *** *** Bug 18564 has been marked as a duplicate of this bug. *** Fix now committed to HEAD (subject to review) This bug still exists as of 2.0.53. The suggested patch in proxy_util.c from Zvi Har'El, listed below, corrects the problem for me: if (isenc == PROXYREQ_PROXY && ch == '%') { To reproduce the bug, I setup a Reverse Proxy and use the following urls for testing: http://1.2.3.4/% -Returns bad request http://1.2.3.4/%25 -Works http://1.2.3.4/proxy/% -Returns bad request http://1.2.3.4/proxy/%25 -Returns bad request After the patch, the last example works properly. I have also the same problem with apache 2.0.54, is there any plan to fix it in the next release? thanks Fixed for 2.0.55: http://svn.apache.org/viewcvs.cgi?rev=227435&view=rev |