www-apache-bugdb mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Paul Courbis <Paul.Cour...@crm.mot.com>
Subject mod_cgi/3002: When using apache as a proxy, Proxy-authorization not passed to local CGI
Date Mon, 14 Sep 1998 14:06:27 GMT

>Number:         3002
>Category:       mod_cgi
>Synopsis:       When using apache as a proxy, Proxy-authorization not passed to local
CGI
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    apache
>State:          open
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Mon Sep 14 18:10:01 PDT 1998
>Last-Modified:
>Originator:     Paul.Courbis@crm.mot.com
>Organization:
apache
>Release:        1.3.0
>Environment:
Operating system : HPUX 10.20
Compiler gcc
>Description:
My problem is a little bit complex :
I wanna setup apache to be a proxy before another proxies that request an
 authentification and to run a cgi for each query for statistics purposes.
I defined "www.crm.mot.com" to be the proxy of my Netscape client, added a
rewrite rule :
 
RewriteRule  ^proxy:(.*) http://www.crm.mot.com/cgi-bin/proxy.cgi?$1 [P]

My problem is that my CGI does not receive the Proxy-authorization from the 
client even if I enabled the -DSECURITY_HOLE_PASS_AUTHORIZATION at compile time.

What is strange is that it works for direct queries but not for queries using
the server as a proxy... Peharps the [P] (force proxy flag) does not forward
all the headers to the proxy module ? But as, as far as I understand, this
header is parsed into env variables (main/util_script.c:ap_add_common_vars()),
it should be ?

Actually, if I manually query the server for the local cgi and passing the proxy 
authentification, the script get it :
GET /cgi-bin/proxy.cgi HTTP/1.0  
Proxy-Connection: Keep-Alive  
User-Agent: Mozilla/4.05 [en] (X11; I; Linux 2.0.32 i586)  
Host: www.courbis.com  
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*  
Accept-Language: en   
Accept-Charset: iso-8859-1,*,utf-8  
Proxy-authorization: Basic XXXXXXXXXXXXXXXXX

=> proxy.cgi receives the authentification HTTP_PROXY_AUTHORIZATION

If I ask for :
GET http://www.courbis.com/ HTTP/1.0  
Proxy-Connection: Keep-Alive  
User-Agent: Mozilla/4.05 [en] (X11; I; Linux 2.0.32 i586)  
Host: www.courbis.com  
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*  
Accept-Language: en   
Accept-Charset: iso-8859-1,*,utf-8  
Proxy-authorization: Basic XXXXXXXXXXXXXXXXXXXXX

then proxy.cgi doesn't receive it !

(I thought I'd find it in HTTP_PROXY_AUTHORIZATION or REDIRECTED_HTTP_PROXY_AUTHORIZATION)

Could you help please ?
>How-To-Repeat:
I can send you the CGI code, despite a simple shell script :
#!/bin/sh
echo Content-type: text/plain
echo
env | sort

can show you the problem. The easied way to reproduce it is to  use a version
of apache compiled with proxy/module & -DSECURITY_HOLE_PASS_AUTHORIZATION. Then
to setup the abose RewriteRule and to telnet the above queries to the
server...
>Fix:
Well, I'd like to, but...
>Audit-Trail:
>Unformatted:
[In order for any reply to be added to the PR database, ]
[you need to include <apbugs@Apache.Org> in the Cc line ]
[and leave the subject line UNCHANGED.  This is not done]
[automatically because of the potential for mail loops. ]
[If you do not include this Cc, your reply may be ig-   ]
[nored unless you are responding to an explicit request ]
[from a developer.                                      ]
[Reply only with text; DO NOT SEND ATTACHMENTS!         ]




Mime
View raw message