www-apache-bugdb mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Lyonel VINCENT <vinc...@trotek05.trotek.ec-lyon.fr>
Subject mod_proxy/671: server access restrictions apply to proxy requests
Date Wed, 04 Jun 1997 12:30:02 GMT

>Number:         671
>Category:       mod_proxy
>Synopsis:       server access restrictions apply to proxy requests
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    apache (Apache HTTP Project)
>State:          open
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Wed Jun  4 05:30:01 1997
>Originator:     vincent@hpwww.ec-lyon.fr
>Organization:
apache
>Release:        1.2b10
>Environment:
HP-UX atropos B.10.20 A 9000/803 2006896634 two-user license
>Description:
Directory-based access restrictions also apply to proxy requests, preventing
users to access remote unrestricted documents.
>How-To-Repeat:
On the myhost web server put access restrictions:

<Directory */security>
order deny,allow
deny from all
allow from mycompany.com
</Directory>

Configure myhost as your web-proxy
then access to http://externalhost/projects/security/

even if externalhost does not restrict access, myhost will refuse to serve the
requested document
>Fix:
by inserting
   if (r->proxyreq) return OK;
at the beginning of
   int check_dir_access (request_rec *r)
in mod_access, you will fix this behaviour

BUT it also disables <Directory proxy:> directives used to restrict access to
the proxy itself %2
>Audit-Trail:
>Unformatted:



Mime
View raw message