I'd prefer this to using <Files>, but that's only one +1.
Martin Kraemer wrote:
>
> Hi,
>
> A couple of weeks ago I described a proxy bug which has to to with
> apache access control. When given a directive
> <Directory proxy:*>
> order allow,deny
> allow from all
> deny from some.guy
> </Directory>
> then apache would block proxy access for host some.guy to URLs that ended
> in a slash, but would happily serve URLs which didn't
> (i.e. the majority of all requests).
>
> Here's what I found out:
>
> In create_core_dir_config(), an entry conf->d = "proxy:*/" is created
> from the directive <Directory proxy:*>:
> ...else conf->d = pstrcat (a, dir, "/", NULL);
>
> This entry is the later compared in directory_walk() against the current
> proxy request (which has the form "proxy:http://somehost/somepath").
> This match fails unless the proxy request ends in a '/'.
>
> Here's a patch which fixes the described bug.
>
> --- #http_core.c~ Sun Apr 20 19:29:10 1997
> +++ http_core.c Sun Apr 20 19:29:10 1997
> @@ -82,6 +82,7 @@
> (core_dir_config *)pcalloc(a, sizeof(core_dir_config));
>
> if (!dir || dir[strlen(dir) - 1] == '/') conf->d = dir;
> + else if (strncmp(dir,"proxy:",6)==0) conf->d = pstrdup (a, dir);
> else conf->d = pstrcat (a, dir, "/", NULL);
> conf->d_is_matchexp = conf->d ? is_matchexp( conf->d ) : 0;
>
> I hope this is the right place to fix this. The test in directory_walk()
> which tests the first character of the request for '/' is somehow unclear
> to me....
>
> Martin
> --
> | S I E M E N S | <Martin.Kraemer@mch.sni.de> | Siemens Nixdorf
> | ------------- | Voice: +49-89-636-46021 | Informationssysteme AG
> | N I X D O R F | FAX: +49-89-636-44994 | 81730 Munich, Germany
> ~~~~~~~~~~~~~~~~My opinions only, of course; pgp key available on request
--
chuck
Chuck Murcko
The Topsail Group, West Chester PA USA
chuck@topsail.org
|