Bug 44803 - Path info is decoded too soon
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: mod_proxy
Version: 2.2.8
Hardware: PC Windows XP
Importance: P2 normal
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
Keywords: FixedInTrunk, PatchAvailable
Depends on:
Reported: 2008-04-10 15:09 UTC by Jess Holle
Modified: 2008-06-05 05:50 UTC

Patch against trunk (2.54 KB, patch)
2008-04-17 05:42 UTC, Ruediger Pluem
Patch against trunk (2.73 KB, patch)
2008-04-19 11:54 UTC, Ruediger Pluem
Patch against trunk to mod_proxy_balancer (1.17 KB, patch)
2008-05-27 14:29 UTC, Ruediger Pluem

Description Jess Holle 2008-04-10 15:09:25 UTC
For the request:


The expected result of HttpServletRequest.getPathInfo() is


The actual result in Tomcat 6.0.16 when using Apache 2.2.8 and mod_proxy_ajp, is:


Also note that the %3B is already converted into a ";" character in the results of
HttpServletRequest.getRequestURI(), which is also quite incorrect.  Essentially the request URI is being decoded too early.

mod_jk provided options like "JkOptions +ForwardURIEscaped" (and +ForwardURICompatUnparsed) to avoid this issue.  mod_proxy_ajp provides no such option.  This is a *very* serious omission in that it makes it impossible to get correct behavior for this use case in Tomcat and other servlet engines when fronted by mod_proxy_ajp.

I'd very much appreciate a patch for this (and would test it, of course).
Comment 1 Ruediger Pluem 2008-04-10 23:24:26 UTC
Please provide your proxy configuration.
Comment 2 Jess Holle 2008-04-11 03:55:28 UTC
Proxy configuration is:

<Proxy balancer://ajpWorker>
    BalancerMember ajp://localhost:8010 min=16 max=80 smax=40 ttl=900 keepalive=Off timeout=90000 retry=1 flushpackets=on
</Proxy>

RewriteEngine on
RewriteRule ^(/MyWebApp/(.*\.jsp(.*)|servlet/.*|.*\.jar))$ balancer://ajpWorker$1 [P]

This routes JSP, servlet, and .jar requests through Tomcat and lets Apache handle everything else.
Comment 3 Jess Holle 2008-04-11 06:20:18 UTC
By the way, we use

  JkOptions +ForwardURIEscaped

where we use mod_jk -- and that seems to work fine.
Comment 4 jfclere 2008-04-15 05:20:04 UTC
If you use:
RewriteRule ^(/myapp/(.*\.jsp(.*)|servlet/.*|.*\.jar))$ http://example.com/$1 [R=302,L]

You get: (404)
The requested URL /myapp/servlet/foo;bar was not found on this server.
Comment 5 Jess Holle 2008-04-15 05:29:09 UTC
The rewrite rule most certainly gets us to Tomcat for URLs like that originally cited -- except that I unfortunately changed caps between my examples, i.e. the original URL should have been:


Given that I used "MyWebApp", not "mywebapp" in the rewrite rule.
Comment 6 Ruediger Pluem 2008-04-17 05:42:31 UTC
Created attachment 21826
Patch against trunk

With this patch

ProxyPass(Match) /somewhere scheme://host/someplace nocanon

should work fine.
Comment 7 Ruediger Pluem 2008-04-19 11:54:59 UTC
Created attachment 21833
Patch against trunk

If it is not too late, please use this patch for testing; it should contain our final thoughts on this issue. It is a diff of r649168 - r649840 of modules/proxy.
Comment 8 Dan Stusynski 2008-05-27 13:38:48 UTC
After applying the supplied patch (for mod_proxy_http.c and mod_proxy_ajp.c) against the 2.2.8 source I ran into an issue while testing the use of ProxyPassMatch. I did not test the mod_proxy_fcgi.c patch as we do not use, nor build fcgi.

The directive being used is: 

<IfModule mod_proxy_ajp.c>
   ProxyPassMatch ^(/Windchill/(.*\.jsp(.*)|servlet/.*|.*\.jar))$ balancer://ajpWorker$1 nocanon
</IfModule>

The balancer configuration is:
<Proxy balancer://ajpWorker>
    BalancerMember ajp://localhost:8010 min=16 max=80 smax=40 ttl=900 keepalive=Off timeout=90000 retry=1 flushpackets=on
</Proxy>

The issue is that the use of nocanon causes the URL to be rewritten incorrectly. A request to //ajpWorker/Windchill/netmarkets/jsp/product/list.jsp?tab=product&u8=1
was rewritten to ajp://localhost:8010/Windchill/netmarkets/jsp/product/list.jsp%3Ftab=product&u8=1?tab=product&u8=1

This resulted in a 404 from Tomcat. Removing the nocanon fixed the issue.
Comment 9 Ruediger Pluem 2008-05-27 14:29:19 UTC
Created attachment 22020
Patch against trunk to mod_proxy_balancer

Can you please check the attached patch in addition to the other patches?
Comment 10 Dan Stusynski 2008-05-29 07:49:31 UTC
The two patches combined, dated 2008-04-19 11:54 PST and 2008-05-27 14:29 PST respectively, seem to have done the trick.

Results of a request to: http://host/dir/servlet/dir/dir/random%3Btest/okay?foo=bar 

The HttpServletRequest.getPathInfo call returns :/dir/dir/random;test/okay: 
The HttpServletRequest.getRequestURI call returns: :/dir/servlet/dir/dir/random%3Btest/okay: 

So it appears to be in working order.

Also, the previously noted issue with nocanon improperly rewriting the URL was also corrected with the latter patch against mod_proxy_balancer.c.
Comment 11 Ruediger Pluem 2008-05-29 12:55:24 UTC
Thanks for testing. Latest patch committed to trunk as r661452 (http://svn.apache.org/viewvc?view=rev&revision=661452).
Comment 12 Ruediger Pluem 2008-05-29 13:33:40 UTC
Proposed for backport as r661465
Comment 13 Ruediger Pluem 2008-06-05 05:50:36 UTC
Backported to 2.2.x as r663593
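
The decoding-order problem discussed in this thread, as an added example that is not part of the bug report and is not httpd or Tomcat code: a small model showing how a proxy that percent-decodes the path before forwarding changes what the backend resolves for the URL tested in Comment 10. The servlet mapping `/dir/servlet/*`, the function names, and the backend's handling of a literal `;` as a path-parameter delimiter are assumptions made for illustration.

```python
from urllib.parse import unquote

# Constructed model; not httpd or Tomcat code. Assumptions: the servlet is
# mapped at /dir/servlet/*, and the backend treats a literal ';' in a raw
# path segment as the start of path parameters, which it drops.
SERVLET_PREFIX = "/dir/servlet"

def proxy_forward(raw_path, decode_early):
    """Path the proxy sends on: decoded (the bug) or untouched (nocanon)."""
    return unquote(raw_path) if decode_early else raw_path

def container_view(forwarded_path):
    """Return (request_uri, path_info) as the modelled backend derives them."""
    segments = []
    for seg in forwarded_path.split("/"):
        seg = seg.split(";", 1)[0]      # only a raw ';' is a delimiter
        segments.append(unquote(seg))   # decode once, after splitting
    decoded = "/".join(segments)
    return forwarded_path, decoded[len(SERVLET_PREFIX):]

def decoding_differential(raw_path):
    """True when early decoding changes what the backend resolves."""
    early = container_view(proxy_forward(raw_path, True))
    late = container_view(proxy_forward(raw_path, False))
    return early != late

if __name__ == "__main__":
    raw = "/dir/servlet/dir/dir/random%3Btest/okay"  # path from Comment 10
    for mode in (True, False):
        uri, info = container_view(proxy_forward(raw, mode))
        print(f"decode_early={mode}: requestURI={uri} pathInfo={info}")
```

With the path left untouched, the model returns the request URI and path info reported in Comment 10; with early decoding, the `;` reaches the backend as a delimiter and the resolved path changes, which matters wherever the proxy and the backend make access decisions on the same URL.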