Return-Path: X-Original-To: apmail-httpd-bugs-archive@www.apache.org Delivered-To: apmail-httpd-bugs-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 7C197C1F5 for ; Mon, 28 May 2012 16:12:11 +0000 (UTC) Received: (qmail 69031 invoked by uid 500); 28 May 2012 16:12:11 -0000 Delivered-To: apmail-httpd-bugs-archive@httpd.apache.org Received: (qmail 68944 invoked by uid 500); 28 May 2012 16:12:10 -0000 Mailing-List: contact bugs-help@httpd.apache.org; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: Reply-To: "Apache HTTPD Bugs Notification List" List-Id: Delivered-To: mailing list bugs@httpd.apache.org Received: (qmail 68934 invoked by uid 99); 28 May 2012 16:12:10 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 28 May 2012 16:12:10 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=5.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.115] (HELO eir.zones.apache.org) (140.211.11.115) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 28 May 2012 16:12:08 +0000 Received: by eir.zones.apache.org (Postfix, from userid 80) id 2E4A35A73; Mon, 28 May 2012 16:11:47 +0000 (UTC) From: bugzilla@apache.org To: bugs@httpd.apache.org Subject: [Bug 52774] RewriteRules within outgoing proxy no longer work Date: Mon, 28 May 2012 16:11:47 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Apache httpd-2 X-Bugzilla-Component: mod_proxy X-Bugzilla-Keywords: X-Bugzilla-Severity: regression X-Bugzilla-Who: g.russell@napier.ac.uk X-Bugzilla-Status: NEW X-Bugzilla-Priority: P2 X-Bugzilla-Assigned-To: bugs@httpd.apache.org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 7bit X-Bugzilla-URL: https://issues.apache.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 https://issues.apache.org/bugzilla/show_bug.cgi?id=52774 --- Comment #13 from Gordon --- Created attachment 28843 --> https://issues.apache.org/bugzilla/attachment.cgi?id=28843&action=edit Patch v2 for CVE-2011-4317 effecting only rewriterule proxy Had another little play, and this patch is another approach by extending ACTION_ to include ACTION_FORBIDDEN. Less parameters and cleaner, but only if you dont mind ACTION being extended in this way. Added it into .htaccess too. Again, I have been unable to test to see if this actually does block the CVE issue, but I cannot see any reason why it wouldnt deal with the issue. Maybe someone can check and amend as necessary? I am not a mod_rewrite.c expert so this patch could have side-effects, but it seems ok and works for me. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org For additional commands, e-mail: bugs-help@httpd.apache.org