httpd-bugs mailing list archives

From bugzi...@apache.org
Subject DO NOT REPLY [Bug 50589] New: Tilde characters are ALWAYS escaped by mod_proxy in Apache 2.0.x
Date Sat, 15 Jan 2011 02:40:45 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=50589

           Summary: Tilde characters are ALWAYS escaped by mod_proxy in
                    Apache 2.0.x
           Product: Apache httpd-2
           Version: 2.0.64
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: trivial
          Priority: P2
         Component: mod_proxy
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: tzenes@gmail.com


I was using Apache's mod_proxy module recently when I came across a bug.

Addresses of the form:
www.zappos.com/donald-j-pliner-womens-boots~2

were being converted to
www.zappos.com/donald-j-pliner-womens-boots%7E2

When the Zappos servers see a URL with %7E in it, they respond
with an HTTP 301 Moved Permanently to the same URL with a decoded ~.
Tshark dump follows:

Hypertext Transfer Protocol
   HTTP/1.1 301 Moved Permanently\r\n
       [Expert Info (Chat/Sequence): HTTP/1.1 301 Moved Permanently\r\n]
           [Message: HTTP/1.1 301 Moved Permanently\r\n]
           [Severity level: Chat]
           [Group: Sequence]
       Request Version: HTTP/1.1
       Response Code: 301
   Server: nginx/0.8.34\r\n
   Content-Type: text/html\r\n
   Content-Length: 185\r\n
       [Content length: 185]
   Location: /donald-j-pliner-womens-boots~2\r\n
   X-Core-Value: 6. Build Open and Honest Relationships With Communication\r\n
   X-Recruiting: If you're reading this, maybe you should be working at Zappos instead.  Check out jobs.zappos.com\r\n
   Vary: Accept-Encoding\r\n
   Date: Fri, 14 Jan 2011 00:33:56 GMT\r\n
   Connection: close\r\n
   \r\n
Line-based text data: text/html
   <html>\r\n
   <head><title>301 Moved Permanently</title></head>\r\n
   <body bgcolor="white">\r\n
   <center><h1>301 Moved Permanently</h1></center>\r\n
   <hr><center>nginx/0.8.34</center>\r\n
   </body>\r\n
   </html>\r\n


Because mod_proxy will always escape ~ into %7E this will quickly lead
to an infinite redirect loop (luckily most applications will get the
hint quickly).

I dug into why this is and came up with the following message:
http://marc.info/?l=apache-bugdb&m=99926707930303&w=2

Digging further I even found a commit to the Apache 2.2 branch:
http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modules/proxy/proxy_util.c?view=log&pathrev=571456

However, when I looked for a similar change in Apache 2.0.64 I noticed
it was not present:
http://svn.apache.org/viewvc/httpd/httpd/branches/2.0.x/modules/proxy/proxy_util.c?revision=563329&view=markup
line 137

I assume it just never got back-ported.

I went to file a bug on the Apache website, but it suggested I ping
this mailing list first (http://httpd.apache.org/bug_report.html)

While Zappos' redirection is non-standard, forcing the URLEncoding of
the tilde character is not in keeping with RFC 2396 which supersedes
RFC 1738 and specifically states:

2.3. Unreserved Characters

  Data characters that are allowed in a URI but do not have a reserved
  purpose are called unreserved.  These include upper and lower case
  letters, decimal digits, and a limited set of punctuation marks and
  symbols.

     unreserved  = alphanum | mark

     mark        = "-" | "_" | "." | "!" | "~" | "*" | "'" | "(" | ")"

  Unreserved characters can be escaped without changing the semantics
  of the URI, but this should not be done unless the URI is being used
  in a context that does not allow the unescaped character to appear.

Therefore, I would recommend a similar change to Apache 2.0.x's
proxy_util.c in keeping with Apache 2.2.x's revision 571436.

Specifically, line 137, which reads:

   allowed = "$-_.+!*'(),;:@&=";

should read:

   allowed = "~$-_.+!*'(),;:@&=";

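Added example, not part of the original report and not Apache's code: a simplified C model of an allowed-set path encoder, run with the two `allowed` strings quoted in the report, plus the redirect loop the report describes. The function names `model_escape_path` and `count_redirects` are hypothetical, and the backend behaviour (301 to the decoded path whenever `%7E` is seen) is taken from the report's description.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* The two "allowed" strings quoted in the report. */
static const char ALLOWED_2_0[]   = "$-_.+!*'(),;:@&=";
static const char ALLOWED_FIXED[] = "~$-_.+!*'(),;:@&=";

/* Simplified model, not Apache's code: percent-encode every byte that is not
 * alphanumeric, not '/', and not in allowed. Returns -1 if out is too small. */
static int model_escape_path(const char *path, const char *allowed,
                             char *out, size_t outlen)
{
    static const char hex[] = "0123456789ABCDEF";
    size_t o = 0;
    if (outlen == 0) return -1;
    for (; *path; path++) {
        unsigned char c = (unsigned char)*path;
        if (isalnum(c) || c == '/' || strchr(allowed, c)) {
            if (o + 1 >= outlen) return -1;      /* keep room for the NUL */
            out[o++] = (char)c;
        } else {
            if (o + 3 >= outlen) return -1;
            out[o++] = '%'; out[o++] = hex[c >> 4]; out[o++] = hex[c & 0x0F];
        }
    }
    out[o] = '\0';
    return 0;
}

/* Model of the loop: the backend answers any path containing "%7E" with a 301
 * to the decoded path, which the client requests again through the proxy.
 * Returns the number of 301s before a normal response, or max_hops. */
static int count_redirects(const char *path, const char *allowed, int max_hops)
{
    char sent[256];
    for (int hops = 0; hops < max_hops; hops++) {
        if (model_escape_path(path, allowed, sent, sizeof sent) != 0) return -1;
        if (strstr(sent, "%7E") == NULL) return hops;  /* backend serves it */
    }
    return max_hops;
}

int main(void)
{
    const char *p = "/donald-j-pliner-womens-boots~2"; /* path from the report */
    printf("2.0.x set: %d redirects\n", count_redirects(p, ALLOWED_2_0, 10));
    printf("with '~':  %d redirects\n", count_redirects(p, ALLOWED_FIXED, 10));
    return 0;
}
```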