Bug 64365

Created attachment 37183 [details]
A patch that appears to fix the problem for me

Context
=======
The ProxyFCGISetEnvIf directive allows overriding variables sent to FastCGI servers. It comes in two forms:
* Setting   variables, taking 3 arguments: ProxyFCGISetEnvIf <condition> <varname> <value>
* Unsetting variables, taking 2 arguments: ProxyFCGISetEnvIf <condition> !<varname>

The Bug
=======
When using the directive's second form, the variable is always unset, ignoring the condition.

Steps to Reproduce
==================
1. Try unsetting a FastCGI variable conditionally, or (for purpose of demonstration) even with a condition of "false".
    Examples:
        ProxyFCGISetEnvIf "false" !SERVER_SOFTWARE
        ProxyFCGISetEnvIf "%{QUERY_STRING} =~ /hello/" !SERVER_SOFTWARE
        ProxyFCGISetEnvIf "-z reqenv('cloudflare')" !HTTP_CF_CONNECTING_IP
2. Observe the specified variables being unset even if the condition evaluates to false.
    Example PHP script:
        <?php var_dump($_SERVER['SERVER_SOFTWARE']);
    Example output:
        NULL
    Expected output:
        string(6) "Apache"
Note that the example directive conditions above work as expected when used with setting instead of unsetting variables.

Proposed Solution
=================
I looked into the code (functions "cmd_setenv" and "fix_cgivars" in "modules/proxy/mod_proxy_fcgi.c") and it appears the condition is correctly parsed but during request handling unsetting takes precedence over even evaluating the condition, see line 178.

I created a small patch (see attachment) which appears to fix the problem for me, but it would be good if someone familiar with the code took a look.

As far as I can tell, both the problem and my patch apply to all versions of httpd since the ProxyFCGISetEnvIf directive was introduced in version 2.4.26, including the current development version.