You are viewing a plain text version of this content. The canonical link for it is here.

Posted to bugs@httpd.apache.org by bu...@apache.org on 2012/05/24 16:24:19 UTC

[Bug 53286] No longer supports rewriting HTTP CONNECT

https://issues.apache.org/bugzilla/show_bug.cgi?id=53286

--- Comment #1 from Gordon <g....@napier.ac.uk> ---
The following patch fixes the problem for me. It also gives some logging for
future users want to debug similar issues.
-----


diff -Npru httpd-2.2.22.orig/modules/mappers/mod_rewrite.c
httpd-2.2.22/modules/
mappers/mod_rewrite.c
--- httpd-2.2.22.orig/modules/mappers/mod_rewrite.c 2012-01-24 19:39:31.0000
00000 +0000
+++ httpd-2.2.22/modules/mappers/mod_rewrite.c 2012-05-24 14:47:49.949153810 +0
100
@@ -4267,10 +4267,14 @@ static int hook_uri2file(request_rec *r)
     }

     if ((r->unparsed_uri[0] == '*' && r->unparsed_uri[1] == '\0')
-        || !r->uri || r->uri[0] != '/') {
+        || !r->uri ||
+        (r->uri[0] != '/' && r->method_number != M_CONNECT)) {
+        rewritelog((r, 2, NULL, "uri %s is considered a security risk",
+                            r->uri));
         return DECLINED;
     }

+
     /*
      *  add the SCRIPT_URL variable to the env. this is a bit complicated
      *  due to the fact that apache uses subrequests and internal redirects

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org