httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject [Bug 52774] RewriteRules within outgoing proxy no longer work
Date Mon, 28 May 2012 16:11:47 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=52774

--- Comment #13 from Gordon <g.russell@napier.ac.uk> ---
Created attachment 28843
  --> https://issues.apache.org/bugzilla/attachment.cgi?id=28843&action=edit
Patch v2 for CVE-2011-4317 effecting only rewriterule proxy

Had another little play, and this patch is another approach by extending
ACTION_ to include ACTION_FORBIDDEN. Less parameters and cleaner, but only if
you dont mind ACTION being extended in this way.

Added it into .htaccess too.

Again, I have been unable to test to see if this actually does block the CVE
issue, but I cannot see any reason why it wouldnt deal with the issue. Maybe
someone can check and amend as necessary? I am not a mod_rewrite.c expert so
this patch could have side-effects, but it seems ok and works for me.

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message