httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Lars Eilebrecht <Lars.Eilebre...@unix-ag.org>
Subject mod_proxy weirdness when matching hosts with multiple ip adresses (PR974)
Date Tue, 12 Aug 1997 18:37:36 GMT
Hi,

On the first sight PR974 looked like a configuration problem, but appeared to
a bug in proxy_match_ipaddr() of proxy_util.c. At least I think it is bug,
because I couldn't reproduce the effect. I tested on Digital Unix while the
originator of the PR uses Solaris 2.5.0 (Apache 1.3a1).

Maybe someone with access to Solaris 2.5.anything can test it.

The details:

Proxy config:

 ProxyDomain     .rexroth.de
 NoProxy         145.230.209.3 145.230.209.229
 NoProxy         145.230.211.11 145.230.211.12
 NoProxy         .rexroth.de
 NoProxy         mpoint.mannesmann.de
 NoProxy         145.230.129.128 145.230.129.173
 ProxyRemote     * http://proxy1.mannesmann.de:8080

 (The 145.230.x.x addresses are intranet addresses with proxy1.mannesmann.de
  as a firewall)

If a hostname is requested which has more than one ip address (eg.
www.sun.com) or in other words - a lookup results in a hostent structure
with more then one address in h_addr_list then the matching in
proxy_match_ipaddr() screws up.

Here is the debug output from the user for a request to www.sun.com:

 3)IP-NoMatch: www.sun.com[192.9.48.5] <-> 145.230.209.3/255.255.255.255
 3)IP-NoMatch: www.sun.com[112.114.111.120] <-> 145.230.209.3/255.255.255.255
 3)IP-NoMatch: www.sun.com[121.45.109.100] <-> 145.230.209.3/255.255.255.255
 3)IP-NoMatch: www.sun.com[118.0.3.16] <-> 145.230.209.3/255.255.255.255
 3)IP-NoMatch: www.sun.com[0.0.0.40] <-> 145.230.209.3/255.255.255.255
 3)IP-NoMatch: www.sun.com[0.133.6.200] <-> 145.230.209.3/255.255.255.255
 3)IP-NoMatch: www.sun.com[0.142.122.104] <-> 145.230.209.3/255.255.255.255
 3)IP-NoMatch: www.sun.com[0.133.8.168] <-> 145.230.209.3/255.255.255.255
 3)IP-NoMatch: www.sun.com[255.255.255.255] <-> 145.230.209.3/255.255.255.255
 3)IP-NoMatch: www.sun.com[0.132.255.200] <-> 145.230.209.3/255.255.255.255
 3)IP-NoMatch: www.sun.com[0.56.35.112] <-> 145.230.209.3/255.255.255.255
 3)IP-NoMatch: www.sun.com[0.133.4.16] <-> 145.230.209.3/255.255.255.255
 3)IP-NoMatch: www.sun.com[223.255.241.144] <-> 145.230.209.3/255.255.255.255
 3)IP-NoMatch: www.sun.com[223.115.43.124] <-> 145.230.209.3/255.255.255.255
 3)IP-NoMatch: www.sun.com[0.143.185.80] <-> 145.230.209.3/255.255.255.255
 3)IP-NoMatch: www.sun.com[101.114.0.116] <-> 145.230.209.3/255.255.255.255
 3)IP-NoMatch: www.sun.com[105.109.101.115] <-> 145.230.209.3/255.255.255.255
 3)IP-NoMatch: www.sun.com[101.114.118.101] <-> 145.230.209.3/255.255.255.255
 3)IP-NoMatch: www.sun.com[114.0.109.97] <-> 145.230.209.3/255.255.255.255
 3)IP-NoMatch: www.sun.com[105.108.104.111] <-> 145.230.209.3/255.255.255.255
 3)IP-NoMatch: www.sun.com[115.116.0.0] <-> 145.230.209.3/255.255.255.255
 3)IP-Match: www.sun.com[145.230.209.3] <-> 145.230.209.3/255.255.255.255     

In the last line one of the local addresses (NoProxy addresses) is used as
the ip address of www.sun.com resulting in match and a direct access to
www.sun.com (which fails, because it's behind the firewall).

For me the relevant lines in proxy_util.c look good and at least under
Digital Unix it works (but maybe I'm only to stupid to see the bug <:-)):

  for (ip_list = (struct in_addr *) *the_host.h_addr_list;
       ip_list->s_addr != 0UL;
       if (This->addr.s_addr == (ip_list->s_addr & This->mask.s_addr))
    {
       /* debug output ...*/
       return 1;
    }


Can anyone verify the problem?

ciao...
--
Lars Eilebrecht                         - "New versions are not offered
sfx@unix-ag.org                         - to cure faults." (Bill Gates)
http://www.si.unix-ag.org/~sfx/

Mime
View raw message