[Bug 63437] New: MergeSlashes option breaks protocol specifier in URIs

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

[Bug 63437] New: MergeSlashes option breaks protocol specifier in URIs

Bugzilla from bugzilla@apache.org
https://bz.apache.org/bugzilla/show_bug.cgi?id=63437

            Bug ID: 63437
           Summary: MergeSlashes option breaks protocol specifier in URIs
           Product: Apache httpd-2
           Version: 2.4.39
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Core
          Assignee: [hidden email]
          Reporter: [hidden email]
  Target Milestone: ---

Hello together,

we use mod_proxy as a forward proxy for outgoing web traffic. Version 2.4.39
introduced the new MergeSlashes option which defaults to ON.

This breaks the protocol specifier of URIs, especially in the data structure
apfilter_t->r->uri as used by mod_proxy.

Here's a logged URI with MergeSlashes ON:

http:/2016.eicar.org/download/eicar.com

-> the second slash in the URI after "http:/" got eaten.

Turning MergeSlashes OFF fixes the issue. I guess this is an unwanted side
effect of the new feature :)

Best regards,
Thomas Jarosch

--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

[Bug 63437] MergeSlashes option breaks protocol specifier in URIs

Bugzilla from bugzilla@apache.org
https://bz.apache.org/bugzilla/show_bug.cgi?id=63437

Eric Covener <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |NEEDINFO

--- Comment #1 from Eric Covener <[hidden email]> ---
Thanks for the report, basic FWD proxy seems to work for me without any change.

It's interesting that you mentioned a filter related pointer and "logging". Can
you elaborate a bit on the symptom/config/logs?  Is it only an issue with
mod_proxy_html? Is the right URL forwarded does it blow up immediately?

--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

[Bug 63437] MergeSlashes option breaks protocol specifier in URIs

Bugzilla from bugzilla@apache.org
In reply to this post by Bugzilla from bugzilla@apache.org
https://bz.apache.org/bugzilla/show_bug.cgi?id=63437

Thomas Jarosch <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |[hidden email]
                   |                            |m

--- Comment #2 from Thomas Jarosch <[hidden email]> ---
The log output is created in a custom output filter chained after mod_proxy.
Sorry I didn't give more configuration details, here's the proxy config:

<Proxy *>
   ProxyAddHeaders Off
   SetOutputFilter fsav
</Proxy>


The filter code is like this:

apr_status_t fsav_filter(ap_filter_t *f, apr_bucket_brigade *buckets);

ap_register_output_filter_protocol("fsav", fsav_filter, NULL,
AP_FTYPE_CONTENT_SET, 0);


I've just added this debug logger at the start of the filter function:

    ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, f->r, "[%d] Debug issue #63437:
%s", getpid(), f->r->uri);


Output:
[Wed May 15 17:02:44.468188 2019] [fsav:error] [pid 19206:tid 3062889280]
[client 127.0.0.1:44788] [19206] Debug issue #63437: http:/eicar.org/

-> the URI is already broken.

--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]