httpd-cvs mailing list archives

From jor...@apache.org
Subject svn commit: r1179283 - in /httpd/httpd/branches/2.2.x/docs/manual: mod/mod_autoindex.xml mod/mod_proxy.html.en mod/mod_proxy.xml rewrite/flags.html.en rewrite/flags.xml
Date Wed, 05 Oct 2011 15:57:16 GMT
Author: jorton
Date: Wed Oct  5 15:57:15 2011
New Revision: 1179283

URL: http://svn.apache.org/viewvc?rev=1179283&view=rev
Log:
Merge r1179272, r1179266 from trunk:

* docs/manual: add note here in light of CVE-2011-3368

- add a security warning, and tweak the example, in light of CVE-2011-3368


Modified:
    httpd/httpd/branches/2.2.x/docs/manual/mod/mod_autoindex.xml   (props changed)
    httpd/httpd/branches/2.2.x/docs/manual/mod/mod_proxy.html.en
    httpd/httpd/branches/2.2.x/docs/manual/mod/mod_proxy.xml
    httpd/httpd/branches/2.2.x/docs/manual/rewrite/flags.html.en
    httpd/httpd/branches/2.2.x/docs/manual/rewrite/flags.xml

Propchange: httpd/httpd/branches/2.2.x/docs/manual/mod/mod_autoindex.xml
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Wed Oct  5 15:57:15 2011
@@ -1 +1 @@
-/httpd/httpd/trunk/docs/manual/mod/mod_autoindex.xml:395552,417988,451572,583817,583830,611483,630858,639005,639010,647395,657354,657459,660461,660566,664330,675610,678761,680082,681190,682369,683626,684351,685112,686549,686805,686809,687099,687754,692325,693120,693392,693727-693728,696006,697093,703441,703997,706318,707163,708902,711421,719357,720250,726109,728015,728020,728220,729316-729317,729586,732414,732421,732451,732504,732832,733127,733134,733218-733219,733465,733467,733695,734703,734710,743589,755190,756671,756675,756678,756683,757741,761329,763394,764239,768535,769809,771587,771610,776325,777042,777091,778438-778439,778531,778942,780648,780655,780692,780697,780699,785457,785661,790587,803704,891282,942209,955966,992625,1026743,1058192,1059559-1059589,1070096,1162584
+/httpd/httpd/trunk/docs/manual/mod/mod_autoindex.xml:395552,417988,451572,583817,583830,611483,630858,639005,639010,647395,657354,657459,660461,660566,664330,675610,678761,680082,681190,682369,683626,684351,685112,686549,686805,686809,687099,687754,692325,693120,693392,693727-693728,696006,697093,703441,703997,706318,707163,708902,711421,719357,720250,726109,728015,728020,728220,729316-729317,729586,732414,732421,732451,732504,732832,733127,733134,733218-733219,733465,733467,733695,734703,734710,743589,755190,756671,756675,756678,756683,757741,761329,763394,764239,768535,769809,771587,771610,776325,777042,777091,778438-778439,778531,778942,780648,780655,780692,780697,780699,785457,785661,790587,803704,891282,942209,955966,992625,1026743,1058192,1059559-1059589,1070096,1162584,1179266,1179272

Modified: httpd/httpd/branches/2.2.x/docs/manual/mod/mod_proxy.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/docs/manual/mod/mod_proxy.html.en?rev=1179283&r1=1179282&r2=1179283&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/docs/manual/mod/mod_proxy.html.en (original)
+++ httpd/httpd/branches/2.2.x/docs/manual/mod/mod_proxy.html.en Wed Oct  5 15:57:15 2011
@@ -1296,6 +1296,15 @@ through</td></tr>
     <code class="directive"><a href="../mod/mod_rewrite.html#rewriterule">RewriteRule</a></code>
directive with the
     <code>[P]</code> flag.</p>
 
+    <div class="warning">
+      <h3>Security Warning</h3>
+      <p>Take care when constructing the target URL of the rule, considering
+        the security impact from allowing the client influence over the set of
+        URLs to which your server will act as a proxy.  Ensure that the scheme
+        and hostname part of the URL is either fixed, or does not allow the
+        client undue influence.</p>
+    </div>
+
 </div>
 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif"
/></a></div>
 <div class="directive-section"><h2><a name="ProxyPassReverse" id="ProxyPassReverse">ProxyPassReverse</a>
<a name="proxypassreverse" id="proxypassreverse">Directive</a></h2>
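Review bot: "the rule" in the first sentence of the added warning has no antecedent in this section; the paragraph just above it only points the reader to the RewriteRule directive with the [P] flag. Name it explicitly, for example "the target URL of a RewriteRule that uses the [P] flag", so the warning reads correctly for someone who arrives here from the ProxyPass text and not from the rewrite guide.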

Modified: httpd/httpd/branches/2.2.x/docs/manual/mod/mod_proxy.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/docs/manual/mod/mod_proxy.xml?rev=1179283&r1=1179282&r2=1179283&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/docs/manual/mod/mod_proxy.xml (original)
+++ httpd/httpd/branches/2.2.x/docs/manual/mod/mod_proxy.xml Wed Oct  5 15:57:15 2011
@@ -1122,6 +1122,15 @@ expressions</description>
     <p>If you require a more flexible reverse-proxy configuration, see the
     <directive module="mod_rewrite">RewriteRule</directive> directive with the
     <code>[P]</code> flag.</p>
+
+    <note type="warning">
+      <title>Security Warning</title>
+      <p>Take care when constructing the target URL of the rule, considering
+        the security impact from allowing the client influence over the set of
+        URLs to which your server will act as a proxy.  Ensure that the scheme
+        and hostname part of the URL is either fixed, or does not allow the
+        client undue influence.</p>
+    </note>
 </usage>
 </directivesynopsis>
 
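Review bot: the closing sentence of the added note, "does not allow the client undue influence", gives an administrator nothing concrete to check a configuration against. Say what "fixed" means: the scheme and hostname are written literally in the substitution and are followed by a "/" before any backreference. Also, "the scheme and hostname part of the URL is" should be "parts ... are".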

Modified: httpd/httpd/branches/2.2.x/docs/manual/rewrite/flags.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/docs/manual/rewrite/flags.html.en?rev=1179283&r1=1179282&r2=1179283&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/docs/manual/rewrite/flags.html.en (original)
+++ httpd/httpd/branches/2.2.x/docs/manual/rewrite/flags.html.en Wed Oct  5 15:57:15 2011
@@ -459,7 +459,7 @@ example, if you wanted all image request
 image server, you might do something like the following:</p>
 
 <div class="example"><p><code>
-RewriteRule (.*)\.(jpg|gif|png) http://images.example.com$1.$2 [P]
+RewriteRule /(.*)\.(jpg|gif|png) http://images.example.com/$1.$2 [P]
 </code></p></div>
 
 <p>Use of the [P] flag implies [L] - that is, the request is immediately
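Review bot: the pattern on the "+" line is still unanchored: "/(.*)\.(jpg|gif|png)" has no "^" or "$", so it matches a slash followed by an image extension anywhere in the string being tested. Consider "^/(.*)\.(jpg|gif|png)$" so that the documented rule applies only to paths that begin with a slash and end in one of the extensions.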
@@ -474,6 +474,15 @@ error from the proxy module. Use this fl
 more powerful implementation of the <code class="directive"><a href="../mod/mod_proxy.html#proxypass">ProxyPass</a></code>
directive,
 to map remote content into the namespace of the local server.</p>
 
+<div class="warning">
+<h3>Security Warning</h3>
+<p>Take care when constructing the target URL of the rule, considering
+the security impact from allowing the client influence over the set of
+URLs to which your server will act as a proxy.  Ensure that the scheme
+and hostname part of the URL is either fixed, or does not allow the
+client undue influence.</p>
+</div>
+
 <p>Note: <code class="module"><a href="../mod/mod_proxy.html">mod_proxy</a></code>
must be enabled in order
 to use this flag.</p>
 
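Review bot: the added warning block sits two paragraphs below the example it is meant to qualify and never refers to it. Add a sentence pointing back at the image-server rule as the fixed form, where "http://images.example.com/" is literal and the backreferences only fill in the path, so the reader sees what a compliant target URL looks like.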

Modified: httpd/httpd/branches/2.2.x/docs/manual/rewrite/flags.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/docs/manual/rewrite/flags.xml?rev=1179283&r1=1179282&r2=1179283&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/docs/manual/rewrite/flags.xml (original)
+++ httpd/httpd/branches/2.2.x/docs/manual/rewrite/flags.xml Wed Oct  5 15:57:15 2011
@@ -459,7 +459,7 @@ example, if you wanted all image request
 image server, you might do something like the following:</p>
 
 <example>
-RewriteRule (.*)\.(jpg|gif|png) http://images.example.com$1.$2 [P]
+RewriteRule /(.*)\.(jpg|gif|png) http://images.example.com/$1.$2 [P]
 </example>
 
 <p>Use of the [P] flag implies [L] - that is, the request is immediately
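Review bot: the "-"/"+" pair changes the example in two places (a leading "/" in the pattern and a "/" between "images.example.com" and "$1"), but the surrounding paragraph is unchanged and does not say why either slash matters. Add a sentence stating that without the separator the text captured by "$1" is appended directly to the hostname, since readers copy this example as written.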
@@ -475,6 +475,15 @@ more powerful implementation of the <dir
 module="mod_proxy">ProxyPass</directive> directive,
 to map remote content into the namespace of the local server.</p>
 
+<note type="warning">
+<title>Security Warning</title>
+<p>Take care when constructing the target URL of the rule, considering
+the security impact from allowing the client influence over the set of
+URLs to which your server will act as a proxy.  Ensure that the scheme
+and hostname part of the URL is either fixed, or does not allow the
+client undue influence.</p>
+</note>
+
 <p>Note: <module>mod_proxy</module> must be enabled in order
 to use this flag.</p>
 
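Review bot: the added note does not cite CVE-2011-3368, although the log message gives it as the reason for the change. A reference inside the note would let administrators find the advisory and tell whether their existing [P] rules need review.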


