httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rainer Jung <rainer.j...@kippdata.de>
Subject Fix for CVE-2011-4317 broke RewriteMap in forward proxy?
Date Fri, 23 Mar 2012 17:00:45 GMT
It seems using a rewrite map in a forward proxy is broken in 2.2.22. It 
was working until 2.2.21. The problem is the fix for CVE-2011-4317 which 
returns DECLINED in hook_uri2file() in mod_rewrite.

The config is roughly:

Listen 3128
<VirtualHost *:3128>

   ProxyRequests on
   RewriteEngine on

   RewriteRule http://myserver.example.com/dummy.txt 
/opt/apache/htdocs/dummy.txt

</VirtualHost>

The actual config is more complex, but the above suffices to reproduce.

In case you wonder why one would want to do that: the real config has a 
list of rewrite rules (actually a rewrite map) containing URLs of large 
files which have been deployed directly on the forward proxy and should 
not be proxied, instead be delivered from the local file system.

The actual rules then have a part that fall back to normal proxying any 
URL, which is not handled by the rewrite rules. I ommitted these here, 
because they are not relevant for reproduction.

I added a log statement and it is indeed the new "return DECLINED" we 
have backported from trunk in 2.2.22. The triggering case is that the 
uri does not start with a "/".

Test case:

curl -x localhost:3128 http://myserver.example.com/dummy.txt

Expected result: getting the file /opt/data/dummy.txt
Actual result: The RewriteMap is not being called, instead the fallback 
config I removed here is executed and the file is retrieved from the 
origin server

Any idea how to fix? Or do you think this is correct behaviour?

Regards,

Rainer

Mime
View raw message