You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2012/05/24 16:24:19 UTC
[Bug 53286] No longer supports rewriting HTTP CONNECT
https://issues.apache.org/bugzilla/show_bug.cgi?id=53286
--- Comment #1 from Gordon <g....@napier.ac.uk> ---
The following patch fixes the problem for me. It also gives some logging for
future users want to debug similar issues.
-----
diff -Npru httpd-2.2.22.orig/modules/mappers/mod_rewrite.c
httpd-2.2.22/modules/
mappers/mod_rewrite.c
--- httpd-2.2.22.orig/modules/mappers/mod_rewrite.c 2012-01-24 19:39:31.0000
00000 +0000
+++ httpd-2.2.22/modules/mappers/mod_rewrite.c 2012-05-24 14:47:49.949153810 +0
100
@@ -4267,10 +4267,14 @@ static int hook_uri2file(request_rec *r)
}
if ((r->unparsed_uri[0] == '*' && r->unparsed_uri[1] == '\0')
- || !r->uri || r->uri[0] != '/') {
+ || !r->uri ||
+ (r->uri[0] != '/' && r->method_number != M_CONNECT)) {
+ rewritelog((r, 2, NULL, "uri %s is considered a security risk",
+ r->uri));
return DECLINED;
}
+
/*
* add the SCRIPT_URL variable to the env. this is a bit complicated
* due to the fact that apache uses subrequests and internal redirects
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org