httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Joshua Slive" <jos...@slive.ca>
Subject Re: [users@httpd] reverse proxy fails on uri escape sequences
Date Wed, 28 Jun 2006 17:48:52 GMT
On 6/27/06, Lewis Hoffman <lewis@grasscommons.org> wrote:
> Hello,
>
>  I'm running a reverse proxy in apache-2.0.54
> For most urls, it's working great.  However, some URI escape sequences cause
> 404s from apache.  It seems as if they never get to the rewrite rule.
>
> For example, these two URLs:
> 1) http://wagon.grasscommons.org/c/wiki/new/thisthat
> 2) http://wagon.grasscommons.org/c/wiki/new/this%2Fthat
>
> access log entries for the two requests, respectively:
>
> 67.42.179.239 - - [27/Jun/2006:15:13:49 -0700] "GET /c/wiki/new/thisthat
> HTTP/1.1" 200 2404 "-" "Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US;
> rv:1.8.0.3) Gecko/20060326 Firefox/1.5.0.3 (Debian-1.5.dfsg+1.5.0.3-2)"
>  67.42.179.239 - - [27/Jun/2006:15:13:20 -0700] "GET /c/wiki/new/this%2Fthat
> HTTP/1.1" 404 218 "-" "Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US;
> rv:1.8.0.3) Gecko/20060326 Firefox/1.5.0.3 (Debian-1.5.dfsg+1.5.0.3-2)"

Try this:
http://httpd.apache.org/docs/2.0/mod/core.html#allowencodedslashes

Encoded slashes are not allowed by default because they can be used to
trick some scripts into disclosing protected content.  (Although that
seems like a pretty weak explanation to me.  Lot's of other characters
cause potential problems.)

Joshua.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message