Bug 57691 - mod_proxy/proxy_util confuses UDS scheme with HTTP scheme when using RewriteRule
Summary: mod_proxy/proxy_util confuses UDS scheme with HTTP scheme when using RewriteRule
Status: NEW
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: mod_rewrite (show other bugs)
Version: 2.4.12
Hardware: PC Linux
: P2 normal (vote)
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
URL:
Keywords: PatchAvailable
Depends on:
Blocks:
 
Reported: 2015-03-12 13:11 UTC by dferradal
Modified: 2020-11-14 10:59 UTC (History)
4 users (show)



Attachments
Patch to add unix: uris to be recognized as absolute paths (462 bytes, patch)
2020-06-03 20:52 UTC, Janne Peltonen
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description dferradal 2015-03-12 13:11:39 UTC
Problem: mod_proxy or proxy_util are confusing a fcgi with a http one

Scenario: The only scenario I have seen where that happens is when you proxy to uds through mod_rewrite.

Example:

ProxyPassMatch ^(.+\.php)(/.+)?$ "unix:/opt/apache/httpd/logs/fpm/owncloud.sock|fcgi://localhost/var/www/" <-- WILL WORK

In the same exact context (VirtualHost):
RewriteRule ^/(.+\.php)(/.+)?$ unix:/opt/apache/httpd/logs/fpm/owncloud.sock|fcgi://localhost/var/www/ [P,L] <-- it seems proxy_util will interpret the client is requesting:
/unix:/opt/apache/httpd/logs/fpm/owncloud.sock|fcgi://localhost/var/www/



As you can see in the trace log bellow it seems like a "/" has been prepended to the uds scheme turning it into a http scheme request:

[Tue Mar 10 20:54:07.372247 2015] [proxy:trace2] [pid 7006:tid 139906126960384] proxy_util.c(1976): [client masked:masked] *: using default reverse proxy worker for https://masked/unix:/opt/apache/httpd/logs/fpm/owncloud.sock%7Cfcgi://localhost/var/www/ (no keepalive)
[Tue Mar 10 20:54:07.372319 2015] [proxy:debug] [pid 7006:tid 139906126960384] mod_proxy.c(1163): [client masked:masked] AH01143: Running scheme https handler (attempt 0)
[Tue Mar 10 20:54:07.372353 2015] [proxy:debug] [pid 7006:tid 139906126960384] proxy_util.c(2193): [client masked:masked] AH00944: connecting https://masked/unix:/opt/apache/httpd/logs/fpm/owncloud.sock%7Cfcgi://localhost/var/www/ to masked:443
[Tue Mar 10 20:54:07.480068 2015] [proxy:debug] [pid 7006:tid 139906126960384] proxy_util.c(2394): [client masked:masked] AH00947: connected /unix:/opt/apache/httpd/logs/fpm/owncloud.sock%7Cfcgi://localhost/var/www/ to masked:443
[Tue Mar 10 20:54:07.480241 2015] [ssl:error] [pid 7006:tid 139906126960384] [remote 188.226.254.185:443] AH01961: SSL Proxy requested for masked:443 but not enabled [Hint: SSLProxyEngine]
[Tue Mar 10 20:54:07.480259 2015] [proxy:error] [pid 7006:tid 139906126960384] AH00961: HTTPS: failed to enable ssl support for masked:443 (masked)

Hope this helps.
Comment 1 Janne Peltonen 2020-06-03 20:46:48 UTC
Apparently, this is not a bug of mod_proxy but a bug of mod_rewrite. mod_rewrite contains the function is_absolute_uri, and in case an uri is not absolute, with the P flag, the uri will be passed on to the server itself as a relative uri. The function has an explicit list of absolute uri prefixes it recognizes, and "unix:" isn't contained in this list. This will lead to the behaviour noticed by the original reporter. I'll add a patch that solved the problem at least for me, by adding "unix:" as a recognized absolute uri scheme.
Comment 2 Janne Peltonen 2020-06-03 20:52:07 UTC
Created attachment 37289 [details]
Patch to add unix: uris to be recognized as absolute paths
Comment 3 Florian Wagner 2020-11-09 11:30:00 UTC
Hey Janne, I wanted to say thank you for your patch. It solves the problem for me, too.

When will this be included in a release?
Comment 4 Florian Wagner 2020-11-09 11:30:40 UTC
Hey Janne, I wanted to say thank you for your patch. It solves the problem for me, too.

When will this be included in a release?