You are viewing a plain text version of this content. The canonical link for it is here.
Posted to modproxy-dev@apache.org by "William A. Rowe, Jr." <wr...@rowe-clan.net> on 2001/09/03 20:14:43 UTC

Fw: mod_proxy/8277: URI escaping in the proxy module

Something to contemplate.  I don't know that it's something to act on.
Maybe by a config directive, perhaps?

----- Original Message -----
From: "Tor Jonsson" <to...@vd.volvo.se>
To: <su...@bugz.apache.org>
Sent: Friday, August 31, 2001 9:05 AM
Subject: mod_proxy/8277: URI escaping in the proxy module


>
> >Number:         8277
> >Category:       mod_proxy
> >Synopsis:       URI escaping in the proxy module
> >Confidential:   no
> >Severity:       non-critical
> >Priority:       medium
> >Responsible:    apache
> >State:          open
> >Quarter:
> >Keywords:
> >Date-Required:
> >Class:          change-request
> >Submitter-Id:   apache
> >Arrival-Date:   Fri Aug 31 07:10:00 PDT 2001
> >Closed-Date:
> >Last-Modified:
> >Originator:     tor.jonsson@vd.volvo.se
> >Release:        1.3.20
> >Organization:
> apache
> >Environment:
> Any
> >Description:
> When setting up the Apache as a reverse proxy against a server the proxy module
> escapes the tilde ~ character in the URI. Rfc2396 states that this escaping
> is not required.
> Some applications I try to reach through the reverse proxy doesn't unescape the URI properly (Stupid applications running on IIS).
> I know this is a bug in the target server to not unescape the URI but since this
> workaround complies with the rfc I think it should be implemented.
> >How-To-Repeat:
> httpd.conf
> ServerName myreverseproxy.com
> ProxyPass / http://mytarget.com/
> ProxyPassReverse / http://mytarget.com/
>
> Original request:
> http://myreverseproxy.com/test/~blaha
> This will render in:
> http://mytarget.com/test/%7Eblaha
> >Fix:
> Add the tilde character to allowed characters in function ap_proxy_canonenc in proxy_util.c
> >Release-Note:
> >Audit-Trail:
> >Unformatted:
>  [In order for any reply to be added to the PR database, you need]
>  [to include <ap...@Apache.Org> in the Cc line and make sure the]
>  [subject line starts with the report component and number, with ]
>  [or without any 'Re:' prefixes (such as "general/1098:" or      ]
>  ["Re: general/1098:").  If the subject doesn't match this       ]
>  [pattern, your message will be misfiled and ignored.  The       ]
>  ["apbugs" address is not added to the Cc line of messages from  ]
>  [the database automatically because of the potential for mail   ]
>  [loops.  If you do not include this Cc, your reply may be ig-   ]
>  [nored unless you are responding to an explicit request from a  ]
>  [developer.  Reply only with text; DO NOT SEND ATTACHMENTS!     ]
>
>
>
>