You are viewing a plain text version of this content. The canonical link for it is here.

Posted to bugs@httpd.apache.org by bu...@apache.org on 2002/07/26 12:24:39 UTC

DO NOT REPLY [Bug 11201] New: - Build static mod_rewrite and mod_proxy has proxy vulnerability

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=11201>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=11201

Build static mod_rewrite and mod_proxy has proxy vulnerability

           Summary: Build static mod_rewrite and mod_proxy has proxy
                    vulnerability
           Product: Apache httpd-1.3
           Version: 1.3.26
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: Normal
          Priority: Other
         Component: Build
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: holger.manthey@bertelsmann.de


Configure apache with somethong like
./configure --enable-module=proxy --enable-module=rewrite ...
results in:

httpd -l
...
mod_rewrite.c
mod_proxy.c
...

This is because the default src/Configuration.tmpl contains first mod_rewrite
then mod_proxy. When using the proxy features with apache you can't deny the
usage with RewriteRules and everyone is able to use this proxy.

The Solution is build the server dynamic or change the moduleorder in
src/Configuration.tmpl

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org