httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From rahul <Rahul.G.N...@Sun.COM>
Subject Re: Broken URI-unescaping in mod_proxy
Date Wed, 10 Oct 2007 13:27:00 GMT
[Nick Kew:]
| On Wed, 10 Oct 2007 00:17:18 +0200
| Graham Leggett <minfrin@sharp.fm> wrote:
| 
| > As I recall there is very little difference between the code for 
| > "forward proxy" and the code for "reverse proxy", the key differences 
| > being to send a Proxy-Auth instead of Auth where appropriate, and
| > other minor things.
| 
| There's quite a lot of difference in the path manipulation,
| though both have similar bugs.
| 
| > Separating the module into two will just mean two modules with
| > virtually identical code: a breeding ground for all sorts of problems.
| 
| Not necessarily.  A reworking can factor out more of the common
| code into proxy_util, leaving mod_proxy and mod_gateway as
| fairly slim modules.

It would be nice to have different modules for reverse proxy and forward
proxy.. from an FTP perspective.

There is a fairly large difference in FTP (and perhaps in other protocols
too) in terms of the optimizations that needs to be done for forward proxy
and reverse proxy.

In forward proxy, we can not assume the kind of ftp servers the client
requests. So when there is an error of some sort we should try again
with a syntax that might be acceptable to the next possible type of
server. 

In the reverse proxy, this is wrong, and introduces unnecessary
overheads in network traffic (where it would be simpler to ask the user
to provide the type of server in the backend and error out if the ftp
server returns error.)

(examples include negotiating PORT/PASSIVE/EPRT/EPSV connections, the
syntax of various commands like LIST etc..)


                                    rahul
--
1. e4 _



Mime
View raw message