Bug 55315 - error in ProxyPass URL parsing with interpolation
Status: CLOSED WONTFIX
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: mod_proxy
Version: 2.2.25
Hardware: PC All
Importance: P2 regression
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
Keywords: PatchAvailable
Reported: 2013-07-26 21:18 UTC by Jason Guild
Modified: 2016-02-16 14:53 UTC (History)
Attachments
A quick patch to allow mod_proxy interpolation characters through URI parsing (3.18 KB, patch)
2013-08-13 20:02 UTC, Mike Rumph
A patch to support interpolation within the scheme portion of a URL (6.27 KB, patch)
2013-08-28 16:27 UTC, Mike Rumph
Alternative patch that doesn't change the httpd API (1.59 KB, patch)
2013-09-04 20:54 UTC, Mike Rumph

Description Jason Guild 2013-07-26 21:18:04 UTC
Possible parsing regression in mod_proxy regarding interpolation of environment variables into URLs specified in ProxyPass and ProxyPassReverse directives.

I have a virtual host which acts as a reverse proxy to an application running elsewhere which must preserve the protocol used by the incoming request (HTTP or HTTPS) when making the proxied request.

This was accomplished easily in httpd 2.2.21 with the following statements:

     ProxyPassInterpolateEnv On
     RewriteEngine On

     RewriteCond %{HTTPS} =off
     RewriteRule . - [E=protocol:http]
     RewriteCond %{HTTPS} =on
     RewriteRule . - [E=protocol:https]

     ProxyPass /my_app/ ${protocol}://1.2.3.4/my_app/ interpolate
     ProxyPassReverse /my_app/ ${protocol}://1.2.3.4/my_app/ interpolate

When I upgraded to httpd 2.2.25, the server now chokes on parsing the URLs of the ProxyPass and ProxyPassReverse statements above.
Removing the ${protocol} from those URLs allows the server to start.

I am using the official binary distribution of httpd available from:
http://www.us.apache.org/dist//httpd/binaries/win32/httpd-2.2.25-win32-x86-openssl-0.9.8y.msi

I just downgraded to the last official win32 binary for 2.2.22 and I can confirm that this problem does not exist there.
Comment 1 Mike Rumph 2013-08-09 18:01:46 UTC
My tests have confirmed that the same result occurs on Linux.

Running Apache httpd 2.2.22 with the described configuration successfully proxies over to the target server.

Running Apache httpd 2.2.25 fails to start.
- $bin/apachectl -k start
  - Syntax error of line n of .../conf/httpd.conf:
  - ProxyPass Unable to parse URL
And replacing the ${protocol} with http allows the server to start and successfully proxies over to the target server.
Comment 2 Mike Rumph 2013-08-13 20:02:54 UTC
Created attachment 30727
A quick patch to allow mod_proxy interpolation characters through URI parsing

This bug is described as a regression in Apache httpd 2.2.25.
But it is actually a regression in Apache APR-util 1.5.2.
The regression occurs as a result of the fix for APR-util bug 52479.
The apr_uri_parse function in apr-util/uri/apr_uri.c was no longer allowing the mod_proxy interpolation characters to pass through unaltered.

I have attached a patch that allows the characters to pass through clean.
The listed directives will now work as the reporter expected.
Comment 3 Mike Rumph 2013-08-28 16:27:50 UTC
Created attachment 30777
A patch to support interpolation within the scheme portion of a URL

Since the URL validation in the apr_uri_parse function in util/apr_uri.c has become more strict in how the scheme portion is handled, I am submitting a patch to the mod_proxy code to handle the special case of interpolating a variable in the scheme portion of a URL.

This patch is against httpd trunk.
Comment 4 Mike Rumph 2013-09-04 20:54:26 UTC
Created attachment 30799
Alternative patch that doesn't change the httpd API

It was pointed out on the httpd dev mailing list that the previous patch cannot be applied to the branches, since it changes the API by adding a parameter.

So I've submitted an alternative patch that is applied directly against add_pass() in mod_proxy.c.
Comment 5 Jeff Trawick 2013-10-16 17:40:04 UTC
Lack of support for interpolation within scheme will be a permanent limitation. An alternate configuration mechanism for switching between http and https is now provided in the documentation, along with a statement for lack of support.

Trunk: http://svn.apache.org/r1532816
2.4.x branch: http://svn.apache.org/r1532824
2.2.x branch:  http://svn.apache.org/r1532825
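
An added example, not part of the comment above and not the project's own text: one way to keep the incoming scheme without interpolating it in ProxyPass, using a mod_rewrite proxy rule and the reporter's /my_app/ path and 1.2.3.4 backend. It assumes mod_rewrite, mod_proxy, mod_proxy_http and mod_ssl are loaded and that the rules are placed in the virtual host that serves the request.

```apache
# Added example: reuses the path and backend address from the report.
RewriteEngine On

# Needed so mod_proxy can open https:// connections to the backend.
SSLProxyEngine On

# The scheme is chosen by the server from the connection state,
# so the client has no influence over this variable.
RewriteCond %{HTTPS} =off
RewriteRule . - [E=protocol:http]
RewriteCond %{HTTPS} =on
RewriteRule . - [E=protocol:https]

# mod_rewrite expands %{ENV:protocol} at request time and the [P] flag
# hands the result to mod_proxy, so no ${protocol} ever reaches
# apr_uri_parse at startup. The host part stays fixed: only the path
# suffix comes from the request.
RewriteRule ^/my_app/(.*) %{ENV:protocol}://1.2.3.4/my_app/$1 [P]

# One reverse mapping per possible scheme, each with a literal URL.
ProxyPassReverse /my_app/ http://1.2.3.4/my_app/
ProxyPassReverse /my_app/ https://1.2.3.4/my_app/
```

With a [P] rule, keep the scheme and host of the substitution fixed or server-controlled as here, otherwise a request can steer which backend the server proxies to.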
Comment 6 Alexey 2016-02-16 14:53:42 UTC
Hi, so that is not working in httpd-2.2.15-47.el6.centos.3.x86_64 as well.
With that being said
http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/docs/manual/mod/mod_proxy.xml?r1=1532825&r2=1532824&pathrev=1532825

Means that the only way to make a dynamic proxy for websockets in 2.2 is to patch mod_rewrite.

https://bz.apache.org/bugzilla/show_bug.cgi?id=55598