You are viewing a plain text version of this content. The canonical link for it is here.

Posted to apache-bugdb@apache.org by Kenichi Hori <ke...@d2.bs1.fc.nec.co.jp> on 1997/07/02 03:10:01 UTC

mod_proxy/812: URLs other than http: scheme are not properly analyzed when being forwarded to another proxy

>Number:         812
>Category:       mod_proxy
>Synopsis:       URLs other than http: scheme are not properly analyzed when being forwarded to another proxy
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    apache (Apache HTTP Project)
>State:          open
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Tue Jul  1 18:10:01 1997
>Originator:     ken@d2.bs1.fc.nec.co.jp
>Organization:
apache
>Release:        Apache/1.2.0
>Environment:
FreeBSD 2.2.1-RELEASE
>Description:
In line 172 of proxy_http.c, proxy_http_handler() blindly assumes "http://"
URL which is not always the case if ProxyRemote is defined.
For example, when "ftp://user:passwd@host:port/path" is being forwarded,
desthost, destport and destportstr variables are not properly set.
As a result, wrong hostname is checked against NoCache and
ProxyBlock directives and wrong "Host:" header is sent.
>How-To-Repeat:
Set "ProxyRemote * other.proxy.server", and "ProxyBlock some.domain".
will pass "GET ftp://some.domain".
>Fix:
I temporarily replaced url+=7; with a fragment of code to handle
both http: and ftp: for my purpose, but shoudn't it be done
somewhere outside of proxy_http_handler()%3
>Audit-Trail:
>Unformatted: