httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Chuck Murcko <ch...@topsail.org>
Subject Re: [PATCH] fix PR mod_proxy/271 (in http_core.c!)
Date Mon, 21 Apr 1997 05:02:59 GMT
I'd prefer this to using <Files>, but that's only one +1.

Martin Kraemer wrote:
> 
> Hi,
> 
> A couple of weeks ago I described a proxy bug which has to to with
> apache access control. When given a directive
>   <Directory proxy:*>
>    order allow,deny
>    allow from all
>    deny from some.guy
>   </Directory>
> then apache would block proxy access for host some.guy to URLs that ended
> in a slash, but would happily serve URLs which didn't
> (i.e. the majority of all requests).
> 
> Here's what I found out:
> 
> In create_core_dir_config(), an entry  conf->d = "proxy:*/"  is created
> from the directive <Directory proxy:*>:
>    ...else conf->d = pstrcat (a, dir, "/", NULL);
> 
> This entry is the later compared in directory_walk() against the current
> proxy request (which has the form "proxy:http://somehost/somepath").
> This match fails unless the proxy request ends in a '/'.
> 
> Here's a patch which fixes the described bug.
> 
> --- #http_core.c~       Sun Apr 20 19:29:10 1997
> +++ http_core.c Sun Apr 20 19:29:10 1997
> @@ -82,6 +82,7 @@
>        (core_dir_config *)pcalloc(a, sizeof(core_dir_config));
> 
>      if (!dir || dir[strlen(dir) - 1] == '/') conf->d = dir;
> +    else if (strncmp(dir,"proxy:",6)==0) conf->d = pstrdup (a, dir);
>      else conf->d = pstrcat (a, dir, "/", NULL);
>      conf->d_is_matchexp = conf->d ? is_matchexp( conf->d ) : 0;
> 
> I hope this is the right place to fix this. The test in directory_walk()
> which tests the first character of the request for '/' is somehow unclear
> to me....
> 
>     Martin
> --
> | S I E M E N S |  <Martin.Kraemer@mch.sni.de>  |      Siemens Nixdorf
> | ------------- |   Voice: +49-89-636-46021     |  Informationssysteme AG
> | N I X D O R F |   FAX:   +49-89-636-44994     |   81730 Munich, Germany
> ~~~~~~~~~~~~~~~~My opinions only, of course; pgp key available on request

-- 
chuck
Chuck Murcko
The Topsail Group, West Chester PA USA
chuck@topsail.org

Mime
View raw message