httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 41798] New: - mod_proxy rewrites url paths badly
Date Fri, 09 Mar 2007 10:20:45 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=41798>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=41798

           Summary: mod_proxy rewrites url paths badly
           Product: Apache httpd-2
           Version: 2.2.0
          Platform: All
        OS/Version: other
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_proxy
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: apache-dev@lists.grepular.com


This is related to bugs 39746 and 38448.

After turning on AllowEncodedSlashes,
Apache lets us use percent encoded forward slashes in the path. Eg:

"http://foo/hello%2Fworld"

When using "ProxyPass / http://bar/"

mod_proxy makes a request for:

"http://bar/hello/world"

That is wrong as I understand it. The forward slash at the end should
be encoded still.

RFC-1738, section 3.3 regarding HTTP URLs:

"Within the <path> and <searchpart> components, "/", ";", "?" are
reserved. The "/" character may be used within HTTP to designate a
hierarchical structure."

So... The forward slash is a reserved character. Section 2.2 says the
following about reserved characters:

"If the character corresponding to an octet is reserved in a scheme, the
octet must be encoded."

So as far as I can see http://foo/hello%2Fworld and
http://foo/hello/world are distinctly different HTTP URLs that should be
allowed to behave differently. Just because Apache treats them the same
when serving local content, doesn't mean that other servers do when you're
proxying the request to them, so I don't think the path should be rewritten
in the way mod_proxy is doing it...

Perhaps there should be an option called something like
"ProxyPreservePathEncoding" which when turned on, means that *no*
encoding/decoding of the path in the url is performed before it is proxied...

If my browser makes a request for "http://foo/hello%2Fworld" and I have
"ProxyPass / http://bar/" I *expect* it to call "http://bar/hello%2Fworld" not
"http://bar/hello/world" as it does currently. It *should* be the default
behaviour, but that would probably not be backwards compatible.

Mike

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message