You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2011/03/06 18:34:26 UTC
DO NOT REPLY [Bug 50880] New: mod_proxy_scgi does not comply with
RFC 3875 (CGI 1.1)
https://issues.apache.org/bugzilla/show_bug.cgi?id=50880
Summary: mod_proxy_scgi does not comply with RFC 3875 (CGI 1.1)
Product: Apache httpd-2
Version: 2.3-HEAD
Platform: PC
OS/Version: Linux
Status: NEW
Severity: minor
Priority: P2
Component: Other Modules
AssignedTo: bugs@httpd.apache.org
ReportedBy: mark@catseye.org
Created an attachment (id=26733)
--> (https://issues.apache.org/bugzilla/attachment.cgi?id=26733)
Perl script for a test SCGI server that returns the environment passed to it by
mod_proxy_scgi
mod_proxy_scgi in trunk currently sets PATH_INFO, SCRIPT_NAME, and
PATH_TRANSLATED incorrectly per RFC 3875 (CGI 1.1).
This bug report is for completeness and consistency with respect to
the fix for bug 50851.
To reproduce the problem, run the attached 28 line Perl script, which
will create an SCGI server listening on port 4000. This SCGI server
just returns environment variables passed to it by mod_proxy_scgi.
Then configure mod_proxy_scgi with
ProxyPass /scgi-test/ scgi://127.0.0.1:4000/www/perl-ssl/
This presumes that a directory /www/perl-ssl exists in the filesystem,
under which are Perl scripts executed by the SCGI server. However,
the SCGI server in the attachment does not actually execute external
scripts and hence the directory /www/perl-ssl does not need to exist.
When the end user requests
https://f14dev1.catseye.org/scgi-test/some-script.pl/extra/stuff?foo=1&bar=2
mod_proxy_scgi passes the following environment variables to the SCGI server:
CONTENT_LENGTH="0"
DOCUMENT_ROOT="/www/html-ssl"
HTTPS="on"
HTTP_ACCEPT="text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"
HTTP_ACCEPT_CHARSET="ISO-8859-1,utf-8;q=0.7,*;q=0.7"
HTTP_ACCEPT_ENCODING="gzip,deflate"
HTTP_ACCEPT_LANGUAGE="en-us,en;q=0.7,ja;q=0.3"
HTTP_CONNECTION="keep-alive"
HTTP_HOST="f14dev1.catseye.org"
HTTP_KEEP_ALIVE="115"
HTTP_USER_AGENT="Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US;
rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15"
PATH="/sbin:/usr/sbin:/bin:/usr/bin"
PATH_INFO="/www/perl-ssl/some-script.pl/extra/stuff"
PATH_TRANSLATED="/www/html-ssl/www/perl-ssl/some-script.pl/extra/stuff"
QUERY_STRING="foo=1&bar=2"
REMOTE_ADDR="172.16.168.1"
REMOTE_PORT="49651"
REMOTE_USER="markmont"
REQUEST_METHOD="GET"
REQUEST_SCHEME="https"
REQUEST_URI="/scgi-test/some-script.pl/extra/stuff?foo=1&bar=2"
SCGI="1"
SCRIPT_FILENAME="proxy:scgi://127.0.0.1:4000/www/perl-ssl/some-script.pl/extra/stuff"
SCRIPT_NAME="/scgi-test"
SERVER_ADDR="172.16.168.128"
SERVER_ADMIN="webmaster@catseye.org"
SERVER_NAME="f14dev1.catseye.org"
SERVER_PORT="443"
SERVER_PROTOCOL="HTTP/1.1"
SERVER_SIGNATURE="<address>Apache/2.3.12-dev (Fedora) Server at <a
href=\"mailto:webmaster@catseye.org\">f14dev1.catseye.org</a> Port
443</address>\n"
SERVER_SOFTWARE="Apache/2.3.12-dev (Fedora)"
SSL_TLS_SNI="f14dev1.catseye.org"
This violates the requirement for script-URI in section 3.3 of RFC 3875,
resulting in a script-URI of
https://f14dev1.catseye.org:443/scgi-test/www/perl-ssl/some-script.pl/extra/stuff?foo=1&bar=2
instead of the correct script-URI, which is
https://f14dev1.catseye.org:443/scgi-test/some-script.pl/extra/stuff?foo=1&bar=2
See bug 50851 for additional discussion.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 50880] mod_proxy_scgi does not comply with RFC
3875 (CGI 1.1)
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=50880
--- Comment #1 from Mark Montague <ma...@catseye.org> 2011-03-06 12:39:20 EST ---
Created an attachment (id=26734)
--> (https://issues.apache.org/bugzilla/attachment.cgi?id=26734)
Prevent mod_proxy_scgi from setting PATH_INFO unless requested
The attached patch fixes the problem with mod_proxy_scgi in the same way
that r1078089 fixes the same problem for mod_proxy_fcgi. Thanks to
Jim Jagielski for creating the mod_proxy_fcgi patch.
A new mod_proxy_scgi env-var, proxy-scgi-pathinfo, allows for PATH_INFO
to be exposed. Otherwise, it's not.
See bug 50581 for additional details and discussion.
I have looked for other modules with similar problems and have not found
any.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 50880] mod_proxy_scgi does not comply with RFC
3875 (CGI 1.1)
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=50880
Jim Jagielski <ji...@apache.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |FIXED
--- Comment #2 from Jim Jagielski <ji...@apache.org> 2011-05-19 16:04:05 UTC ---
r1124979
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 50880] mod_proxy_scgi does not comply with RFC
3875 (CGI 1.1)
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=50880
Mark Montague <ma...@catseye.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Keywords| |PatchAvailable
CC| |mark@catseye.org
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org