httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 50880] New: mod_proxy_scgi does not comply with RFC 3875 (CGI 1.1)
Date Sun, 06 Mar 2011 17:34:26 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=50880

           Summary: mod_proxy_scgi does not comply with RFC 3875 (CGI 1.1)
           Product: Apache httpd-2
           Version: 2.3-HEAD
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: minor
          Priority: P2
         Component: Other Modules
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: mark@catseye.org


Created an attachment (id=26733)
 --> (https://issues.apache.org/bugzilla/attachment.cgi?id=26733)
Perl script for a test SCGI server that returns the environment passed to it by
mod_proxy_scgi

mod_proxy_scgi in trunk currently sets PATH_INFO, SCRIPT_NAME, and
PATH_TRANSLATED incorrectly per RFC 3875 (CGI 1.1).

This bug report is for completeness and consistency with respect to
the fix for bug 50851.

To reproduce the problem, run the attached 28 line Perl script, which
will create an SCGI server listening on port 4000.  This SCGI server
just returns environment variables passed to it by mod_proxy_scgi.
Then configure mod_proxy_scgi with

ProxyPass /scgi-test/ scgi://127.0.0.1:4000/www/perl-ssl/

This presumes that a directory /www/perl-ssl exists in the filesystem,
under which are Perl scripts executed by the SCGI server.  However,
the SCGI server in the attachment does not actually execute external
scripts and hence the directory /www/perl-ssl does not need to exist.

When the end user requests

https://f14dev1.catseye.org/scgi-test/some-script.pl/extra/stuff?foo=1&bar=2

mod_proxy_scgi passes the following environment variables to the SCGI server:

CONTENT_LENGTH="0"
DOCUMENT_ROOT="/www/html-ssl"
HTTPS="on"
HTTP_ACCEPT="text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"
HTTP_ACCEPT_CHARSET="ISO-8859-1,utf-8;q=0.7,*;q=0.7"
HTTP_ACCEPT_ENCODING="gzip,deflate"
HTTP_ACCEPT_LANGUAGE="en-us,en;q=0.7,ja;q=0.3"
HTTP_CONNECTION="keep-alive"
HTTP_HOST="f14dev1.catseye.org"
HTTP_KEEP_ALIVE="115"
HTTP_USER_AGENT="Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US;
rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15"
PATH="/sbin:/usr/sbin:/bin:/usr/bin"
PATH_INFO="/www/perl-ssl/some-script.pl/extra/stuff"
PATH_TRANSLATED="/www/html-ssl/www/perl-ssl/some-script.pl/extra/stuff"
QUERY_STRING="foo=1&bar=2"
REMOTE_ADDR="172.16.168.1"
REMOTE_PORT="49651"
REMOTE_USER="markmont"
REQUEST_METHOD="GET"
REQUEST_SCHEME="https"
REQUEST_URI="/scgi-test/some-script.pl/extra/stuff?foo=1&bar=2"
SCGI="1"
SCRIPT_FILENAME="proxy:scgi://127.0.0.1:4000/www/perl-ssl/some-script.pl/extra/stuff"
SCRIPT_NAME="/scgi-test"
SERVER_ADDR="172.16.168.128"
SERVER_ADMIN="webmaster@catseye.org"
SERVER_NAME="f14dev1.catseye.org"
SERVER_PORT="443"
SERVER_PROTOCOL="HTTP/1.1"
SERVER_SIGNATURE="<address>Apache/2.3.12-dev (Fedora) Server at <a
href=\"mailto:webmaster@catseye.org\">f14dev1.catseye.org</a> Port
443</address>\n"
SERVER_SOFTWARE="Apache/2.3.12-dev (Fedora)"
SSL_TLS_SNI="f14dev1.catseye.org"

This violates the requirement for script-URI in section 3.3 of RFC 3875,
resulting in a script-URI of

https://f14dev1.catseye.org:443/scgi-test/www/perl-ssl/some-script.pl/extra/stuff?foo=1&bar=2

instead of the correct script-URI, which is

https://f14dev1.catseye.org:443/scgi-test/some-script.pl/extra/stuff?foo=1&bar=2

See bug 50851 for additional discussion.

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message