httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 52232] New: mod_proxy returns 403 forbidden when query string contains XML fragment
Date Wed, 23 Nov 2011 15:48:18 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=52232

             Bug #: 52232
           Summary: mod_proxy returns 403 forbidden when query string
                    contains XML fragment
           Product: Apache httpd-2
           Version: 2.2.17
          Platform: Other
        OS/Version: Linux
            Status: NEW
          Severity: major
          Priority: P2
         Component: mod_proxy_http
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: ishaigorodsky@yahoo.com
    Classification: Unclassified


Dear Apachean

Apache HTTPD 2.2.17 is configured with the following reverse proxying
directives

AllowEncodedSlashes On
ProxyPass /abc/def/ https://other:port/abc/def/
ProxyPassReverse /abc/def/ https://other:port/abd/def/

Requests below are successfully reverse proxied

https://myhost.mydomain.com/abc/def/page
https://myhost.mydomain.com/abc/def/page?timezone%3DAU%26params%3Dtest

while the request (URL encoded and not encoded) results in 403 Forbidden error:
You don't have permission to access /abc/def/page on this server.

https://myhost.mydomain.com/abc/def/page?timezone=AU&params=<Params><Param
id="ARG_start" val="'now', '-100 days'"/><Param id="ARG_stop"
val="'now'"/></Params>

https://myhost.mydomain.com/abc/def/page?timezone%3DAU%26params%3D%3CParams%3E%3CParam%20id%3D%22ARG_start%22%20val%3D%22%27now%27%2C%20%27-100%20days%27%22%2F%3E%3CParam%20id%3D%22ARG_stop%22%20val%3D%22%27now%27%22%2F%3E%3C%2FParams%3E

My conclusion that the XML passed as parameters is the issue, however I was not
able to locate anything that explicitly forbids such query strings or makes
such query string acceptable.

Please advise
Irena

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message