httpd-dev mailing list archives

From Ruediger Pluem <rpl...@apache.org>
Subject Re: Broken URI-unescaping in mod_proxy
Date Sun, 09 Sep 2007 09:25:26 GMT


On 09/09/2007 02:21 AM, Nick Kew wrote:
> PR 41798 and many related ones (eg 39746, 38980 - both of which I've
> closed today) show a history of incorrect URL-unescaping in mod_proxy.
> 
> For PR41798, the attached patch looks like a fix: it just uses
> r->unparsed_uri (escaped) instead of r->uri (unescaped) in
> proxy_trans.  I'm wondering if using unparsed_uri here risks
> breaking something or has security implications we need to
> consider, bearing in mind we already unescaped it and thus
> verified it is well-formed.

I think it has security implications, because

1. We do the proxy_walk *after* proxy_trans and the normal configuration
   expects that all the shrinking transformations happened correctly.

2. It can be used to circumvent ProxyPass / ProxyPassMatch settings by
   tricky encodings in order to send requests to unintended locations.

Furthermore it makes it really hard for the administrator to configure
things as he has to consider all kinds of encoding stuff when setting
up his rules for reverse proxying. And: This patch doesn't work with
mod_rewrite.

BTW: IMHO it is not needed to set r->uri to local_uri in your patch
as proxy handler only deals with r->filename.

So as a summary, yes we have some problems with the current approach and
some things are broken, but using the unparsed uri opens a can of worms
IMHO.


Regards

Rüdiger
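
The concern in points 1 and 2 above, as an added example that is not part of the original message and is not httpd code: a simplified model of prefix matching on the escaped path versus the unescaped, normalized path. The rule table, backend host name, function names and sample paths are all constructed for illustration.

```python
import posixpath
from urllib.parse import unquote

# Constructed rule table standing in for one ProxyPass-style prefix mapping.
RULES = [("/app/", "http://backend.example/app/")]


def normalize(raw_path):
    """Unescape once and collapse dot segments (the "shrinking transformations")."""
    decoded = unquote(raw_path)
    norm = posixpath.normpath(decoded)
    # normpath drops a trailing slash; keep it so prefix rules still apply.
    if decoded.endswith("/") and not norm.endswith("/"):
        norm += "/"
    return norm


def _match(path):
    """Return the backend URL for the first rule whose prefix matches, else None."""
    for prefix, backend in RULES:
        if path.startswith(prefix):
            return backend + path[len(prefix):]
    return None


def match_raw(raw_path):
    """Model of matching on the escaped path (what using the unparsed URI means)."""
    return _match(raw_path)


def match_normalized(raw_path):
    """Model of matching after unescaping and normalization."""
    return _match(normalize(raw_path))


if __name__ == "__main__":
    # Constructed sample request paths.
    for raw in ["/app/index.html", "/%61pp/index.html", "/app/%2e%2e/admin/"]:
        print(f"{raw!r}: raw -> {match_raw(raw)}, "
              f"normalized -> {match_normalized(raw)}, "
              f"path after decoding = {normalize(raw)!r}")
```

For `/app/%2e%2e/admin/` the raw matcher accepts the request under `/app/` although the decoded path is `/admin/`, while `/%61pp/index.html` misses the rule an administrator would expect it to hit.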



