Bug 47928

Summary: CONNECT requests get fully qualified and therefore do not work
Product: Apache httpd-2 Reporter: billz <billz>
Component: mod_rewriteAssignee: Apache HTTPD Bugs Mailing List <bugs>
Status: RESOLVED FIXED    
Severity: normal Keywords: FixedInTrunk
Priority: P2    
Version: 2.2.14   
Target Milestone: ---   
Hardware: All   
OS: All   
Attachments: Do not fully qualify the substitution string for CONNECT method

Description billz 2009-10-01 15:31:39 UTC
When mod_rewrite proxies a CONNECT request, it fully qualifies the substitution string.  The result is a failed connection to the originally requested server instead of the proxy server.

TEST CASE:
curl -x http://myproxyserver.com:9080 https://mysslserver.com

EXAMPLE APACHE CONFIG:
Listen 9080
NameVirtualHost *:9080
<VirtualHost *:9080>
    ServerName myproxyserver.com
    AllowCONNECT 8888
    RewriteEngine On

    RewriteCond %{REQUEST_METHOD} ^CONNECT$ [NC]
    RewriteCond %{HTTP_HOST} ^mysslserver.com:443$
    RewriteRule ^(.*)$ myqasslserver.com:8888 [P]
</VirtualHost>

RESULT:
The method fully_qualify_uri changes the substitution string from: 
myqasslserver.com:8888
to: 
http://mysslserver.com:443/myqasslserver.com:8888
Comment 1 billz 2009-10-01 15:44:19 UTC
Created attachment 24329 [details]
Do not fully qualify the substitution string for CONNECT method
Comment 2 Graham Leggett 2009-10-05 14:22:10 UTC
Applied to httpd-trunk in r822004.
Comment 3 billz 2009-10-26 09:56:11 UTC
Is there a way to get this committed to the 2.2.x branch also?

That's what the patch was created against.

(In reply to comment #2)
> Applied to httpd-trunk in r822004.
Comment 4 Ruediger Pluem 2009-10-26 13:19:13 UTC
(In reply to comment #3)
> Is there a way to get this committed to the 2.2.x branch also?
> 

See http://svn.apache.org/viewvc?rev=829677&view=rev
Comment 5 Stefan Fritsch 2009-11-02 14:06:43 UTC
backported to 2.2.x in r832124, will be in 2.2.15