httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject [Bug 52774] RewriteRules within outgoing proxy no longer work
Date Mon, 28 May 2012 16:11:47 GMT

--- Comment #13 from Gordon <> ---
Created attachment 28843
Patch v2 for CVE-2011-4317 effecting only rewriterule proxy

Had another little play, and this patch is another approach by extending
ACTION_ to include ACTION_FORBIDDEN. Less parameters and cleaner, but only if
you dont mind ACTION being extended in this way.

Added it into .htaccess too.

Again, I have been unable to test to see if this actually does block the CVE
issue, but I cannot see any reason why it wouldnt deal with the issue. Maybe
someone can check and amend as necessary? I am not a mod_rewrite.c expert so
this patch could have side-effects, but it seems ok and works for me.

You are receiving this mail because:
You are the assignee for the bug.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message