httpd-bugs mailing list archives

From bugzi...@apache.org
Subject DO NOT REPLY [Bug 32660] New: - Apache returning code when using the Location directive
Date Sun, 12 Dec 2004 20:03:31 GMT

http://issues.apache.org/bugzilla/show_bug.cgi?id=32660

           Summary: Apache returning code when using the Location directive
           Product: Apache httpd-2.0
           Version: 2.0.46
          Platform: PC
        OS/Version: Windows XP
            Status: NEW
          Severity: normal
          Priority: P2
         Component: All
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: aaflatooni@yasna.com


Hi,
This could be a security bug.

I am running Apache and Tomcat together. Apache handles all the web 
traffic and passes the JSP files to the Tomcat workers. I have this configured 
in the virtualhost.

This is done using the following configuration in the httpd.conf.

<VirtualHost www.yasna.com:80>
    ServerAdmin support@yasna.com
    ServerName www.yasna.com
    ServerAlias yasna.com
    DocumentRoot /web/yasna
    ErrorLog /web/yasna/logs/og-error_log
    RewriteEngine On
    ErrorDocument 500 /error/index.html
    ErrorDocument 404 /error/notfound.html
    CustomLog /web/yasna/logs/og-access_log combined
        <Location "/*.jsp">
                JkUriSet worker ajp13:localhost:8009
        </Location>
        <Location "/servlet/*">
                JkUriSet worker ajp13:localhost:8009
        </Location>
</VirtualHost>

Everything is fine when I access the site using the http://www.yasna.com and 
all the jsp files are returning proper (parsed) pages. 

But if I access the site using the server alias http://yasna.com, only the jsp 
pages in the root directory are returned properly. The pages in the 
sub-directory return the jsp code. To fix the problem I had to make modifications 
to the configuration and add the following lines:
        <Location "/*/*.jsp">
                JkUriSet worker ajp13:localhost:8009
        </Location>
        <Location "/*/*/*.jsp">
                JkUriSet worker ajp13:localhost:8009
        </Location>
And this works for me, as I only have 2 levels of subdirectories.
With the updated configuration everything is working now, but this is a 
serious problem. 

Please note that this problem exists only when I access the site using the 
server alias. When I access the site using http://www.yasna.com all the jsp 
files in all the directories are parsed by tomcat and returned properly.

Aflatoon
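
A coverage check for the Location patterns quoted in the report, added here as an example (it is not part of the original report or of Apache httpd). It assumes that `*` and `?` in a `<Location>` pattern never match `/` and that the pattern must match the whole URL path; the sample paths are constructed, and the script does not model the difference between the two host names described in the report.

```python
import re

# Location patterns from the report: the original pair, then with the two added ones.
ORIGINAL = ["/*.jsp", "/servlet/*"]
WORKAROUND = ORIGINAL + ["/*/*.jsp", "/*/*/*.jsp"]


def glob_to_regex(pattern):
    """Translate a wildcard pattern to a regex (assumption: '*' and '?' stop at '/')."""
    parts = []
    for ch in pattern:
        if ch == "*":
            parts.append("[^/]*")
        elif ch == "?":
            parts.append("[^/]")
        else:
            parts.append(re.escape(ch))
    return re.compile("".join(parts))


def uncovered_jsp(patterns, paths):
    """Return .jsp paths that no pattern matches, i.e. paths not handed to the worker."""
    compiled = [glob_to_regex(p) for p in patterns]
    return [
        path for path in paths
        if path.lower().endswith(".jsp")
        and not any(rx.fullmatch(path) for rx in compiled)
    ]


# Constructed sample URL paths at increasing directory depth.
SAMPLE_PATHS = [
    "/index.jsp",
    "/forum/list.jsp",
    "/forum/admin/users.jsp",
    "/forum/admin/tools/export.jsp",
    "/servlet/Upload",
    "/error/notfound.html",
]

if __name__ == "__main__":
    for label, patterns in (("original", ORIGINAL), ("workaround", WORKAROUND)):
        print(label, "->", uncovered_jsp(patterns, SAMPLE_PATHS))
```

Under that assumption the per-depth patterns stop covering JSP files as soon as a third directory level is added, so a check like this belongs in any review of a depth-enumerating configuration.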
