Created attachment 26733 [details] Perl script for a test SCGI server that returns the environment passed to it by mod_proxy_scgi mod_proxy_scgi in trunk currently sets PATH_INFO, SCRIPT_NAME, and PATH_TRANSLATED incorrectly per RFC 3875 (CGI 1.1). This bug report is for completeness and consistency with respect to the fix for bug 50851. To reproduce the problem, run the attached 28 line Perl script, which will create an SCGI server listening on port 4000. This SCGI server just returns environment variables passed to it by mod_proxy_scgi. Then configure mod_proxy_scgi with ProxyPass /scgi-test/ scgi://127.0.0.1:4000/www/perl-ssl/ This presumes that a directory /www/perl-ssl exists in the filesystem, under which are Perl scripts executed by the SCGI server. However, the SCGI server in the attachment does not actually execute external scripts and hence the directory /www/perl-ssl does not need to exist. When the end user requests https://f14dev1.catseye.org/scgi-test/some-script.pl/extra/stuff?foo=1&bar=2 mod_proxy_scgi passes the following environment variables to the SCGI server: CONTENT_LENGTH="0" DOCUMENT_ROOT="/www/html-ssl" HTTPS="on" HTTP_ACCEPT="text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8" HTTP_ACCEPT_CHARSET="ISO-8859-1,utf-8;q=0.7,*;q=0.7" HTTP_ACCEPT_ENCODING="gzip,deflate" HTTP_ACCEPT_LANGUAGE="en-us,en;q=0.7,ja;q=0.3" HTTP_CONNECTION="keep-alive" HTTP_HOST="f14dev1.catseye.org" HTTP_KEEP_ALIVE="115" HTTP_USER_AGENT="Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15" PATH="/sbin:/usr/sbin:/bin:/usr/bin" PATH_INFO="/www/perl-ssl/some-script.pl/extra/stuff" PATH_TRANSLATED="/www/html-ssl/www/perl-ssl/some-script.pl/extra/stuff" QUERY_STRING="foo=1&bar=2" REMOTE_ADDR="172.16.168.1" REMOTE_PORT="49651" REMOTE_USER="markmont" REQUEST_METHOD="GET" REQUEST_SCHEME="https" REQUEST_URI="/scgi-test/some-script.pl/extra/stuff?foo=1&bar=2" SCGI="1" SCRIPT_FILENAME="proxy:scgi://127.0.0.1:4000/www/perl-ssl/some-script.pl/extra/stuff" SCRIPT_NAME="/scgi-test" SERVER_ADDR="172.16.168.128" SERVER_ADMIN="webmaster@catseye.org" SERVER_NAME="f14dev1.catseye.org" SERVER_PORT="443" SERVER_PROTOCOL="HTTP/1.1" SERVER_SIGNATURE="<address>Apache/2.3.12-dev (Fedora) Server at <a href=\"mailto:webmaster@catseye.org\">f14dev1.catseye.org</a> Port 443</address>\n" SERVER_SOFTWARE="Apache/2.3.12-dev (Fedora)" SSL_TLS_SNI="f14dev1.catseye.org" This violates the requirement for script-URI in section 3.3 of RFC 3875, resulting in a script-URI of https://f14dev1.catseye.org:443/scgi-test/www/perl-ssl/some-script.pl/extra/stuff?foo=1&bar=2 instead of the correct script-URI, which is https://f14dev1.catseye.org:443/scgi-test/some-script.pl/extra/stuff?foo=1&bar=2 See bug 50851 for additional discussion.
Created attachment 26734 [details] Prevent mod_proxy_scgi from setting PATH_INFO unless requested The attached patch fixes the problem with mod_proxy_scgi in the same way that r1078089 fixes the same problem for mod_proxy_fcgi. Thanks to Jim Jagielski for creating the mod_proxy_fcgi patch. A new mod_proxy_scgi env-var, proxy-scgi-pathinfo, allows for PATH_INFO to be exposed. Otherwise, it's not. See bug 50581 for additional details and discussion. I have looked for other modules with similar problems and have not found any.
r1124979