Bug 63501 - PATH_MAX artificially restricts Location path matching length less than LimitRequestLine
Summary: PATH_MAX artificially restricts Location path matching length less than Limit...
Status: NEW
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: Core (show other bugs)
Version: 2.4.39
Hardware: Other Linux
: P2 normal (vote)
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2019-06-13 16:29 UTC by mark
Modified: 2019-06-18 09:21 UTC (History)
0 users



Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description mark 2019-06-13 16:29:04 UTC
We see errors like

(36)File name too long: [client 10.240.105.17:0] AH00127: Cannot map GET /aveksa/nnnnnnnn.......nnn

when the PATH component is longer than 4096 characters but still under the LimitRequestLine.

This appears to be due to the situation outlined in https://stackoverflow.com/questions/5337891/apache-error-file-name-too-long-cannot-map-get

And filesystem path testing is done even though this URL would get handled by a Location directive to proxy the request.

IMO paths matching a Location directive should not get mapped to a filesystem path at all if a SetHandler is used. 

Filesystem limitations should be be applied to a request that will never go to the filesystem.
Comment 1 mark 2019-06-13 16:30:38 UTC
That last line should obviously read..

"Filesystem limitations should *NOT* be applied to a request that will never go to the filesystem."
Comment 2 mark 2019-06-16 11:19:09 UTC
Reviewing the code, this ap_core_translate only  seems to be called by mod_rewrite and mod_file_cache, and in this case I know that only mod_rewrite is turned on. So the question is, how do we avoid this code path when a path matches a Location directive.

https://github.com/apache/httpd/search?q=ap_core_translate&unscoped_q=ap_core_translate
Comment 3 Christophe JAILLET 2019-06-16 17:17:29 UTC
Turn back to 'Core' component.

'ap_core_translate()' is also defined in the 'translate_name' hook.
Unless you are sure that mod_rewrite is involved, it is likely not there that it is hit.

This hook is ran 'ap_run_translate_name()'.
Comment 4 mark 2019-06-17 21:26:16 UTC
Hi, yes, I just spotted that when I was testing without mod_rewrite. 

https://github.com/apache/httpd/blob/4c5c6c659d1e4ebe991f6f629a7cd8c017009a3b/server/core.c#L5900

So, what makes sense to do here? Somehow, when a <Location> matches and a handler is defined, ap_core_translate should be skipped?
Comment 5 Eric Covener 2019-06-17 21:30:33 UTC
(In reply to mark from comment #4)
> Hi, yes, I just spotted that when I was testing without mod_rewrite. 
> 
> https://github.com/apache/httpd/blob/
> 4c5c6c659d1e4ebe991f6f629a7cd8c017009a3b/server/core.c#L5900
> 
> So, what makes sense to do here? Somehow, when a <Location> matches and a
> handler is defined, ap_core_translate should be skipped?

The precedent in mod_proxy is that if you don't care about URI to filesystem mapping, you short-circuit it with your own translate_name that runs earlier.  Otherwise, the core doesn't know that a particular handler is going to use the output of the mapping just because it's not a static file -- for example the CGI handler uses the output to figure out what to execute.
Comment 6 mark 2019-06-17 21:45:52 UTC
Ok, thanks, in this case, the handler is the Oracle Webserver Weblogic plugin, https://docs.oracle.com/middleware/12211/webtier/develop-plugin/overview.htm#PLGWL391

So we should ask Oracle to update their plugin to include a translate_name handler. That sounds painful, but probably the only option.

I wonder if we should wrap our <Location> inside a <Proxy> or maybe just use Proxy. Can you use set-handler inside <Proxy>? I will peer at the docs.
Comment 7 William A. Rowe Jr. 2019-06-18 04:22:14 UTC
Actually, the hook map_to_storage is the final intercept point before httpd attempts to do this itself (which runs last if no module has reacted.)
Comment 8 Ruediger Pluem 2019-06-18 06:15:25 UTC
(In reply to mark from comment #6)
> Ok, thanks, in this case, the handler is the Oracle Webserver Weblogic
> plugin,
> https://docs.oracle.com/middleware/12211/webtier/develop-plugin/overview.
> htm#PLGWL391
> 
> So we should ask Oracle to update their plugin to include a translate_name
> handler. That sounds painful, but probably the only option.
> 
> I wonder if we should wrap our <Location> inside a <Proxy> or maybe just use
> Proxy. Can you use set-handler inside <Proxy>? I will peer at the docs.

Maybe a crazy idea, but if you write your own translate_name hook in lua?

http://httpd.apache.org/docs/2.4/mod/mod_lua.html#luahooktranslatename

Should be sufficient to return apache2.DECLINED for all but the URL's that should go to Weblogic and for the ones that should get there set r.filename to a dummy value (probably it is needed that this file exists and can be stated).
Comment 9 mark 2019-06-18 08:49:50 UTC
Looking at server-info I see the following for mod_weblogic

Module Name: mod_weblogic.c
Content handlers: yes
Configuration Phase Participation: Create Directory Config, Merge Directory Configs, Create Server Config, Merge Server Configs
Request Phase Participation: Translate Name, Map to Storage, Fixups, Content Handlers

In the hooks list:

Translate Name:
   00 mod_rewrite.c
   00 mod_proxy.c
   10 mod_alias.c
   10 mod_jk.c
   10 mod_weblogic.c
   30 core.c
Map to Storage:
   -10 core.c
   00 mod_proxy.c
   10 http_core.c
   10 http_core.c
   10 mod_jk.c
   10 mod_weblogic.c
   30 core.c

So I would interpret that as mod_weblogic actually inserting some hooks for both of those handler phases.

My instinct now is to ditch mod_weblogic for this case and use mod_proxy_balancer instead. Technically mod_weblogic does the same job as mod_proxy_balancer, just with some Weblogic custom behaviours that may not be necessary here.
Comment 10 mark 2019-06-18 09:21:52 UTC
https://docs.oracle.com/middleware/12213/webtier/develop-plugin/plugin_params.htm#PLGWL4398  

WLForwardUriUnparsed

Default: OFF

Applies to: Oracle HTTP Server, Apache HTTP Server

When set to ON, the WLS plug-in will forward the original URI from the client to WebLogic Server. When set to OFF (default), the URI sent to WebLogic Server is subject to modification by mod_rewrite or other web server plug-in modules.

might also help