You are viewing a plain text version of this content. The canonical link for it is here.
Posted to apache-bugdb@apache.org by Ian Morgan <im...@webcon.net> on 2000/03/16 06:36:53 UTC

mod_proxy/5891: Proxy'd server generated pages contain incorrect hostname in signature

>Number:         5891
>Category:       mod_proxy
>Synopsis:       Proxy'd server generated pages contain incorrect hostname in signature
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    apache
>State:          open
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Wed Mar 15 21:40:00 PST 2000
>Closed-Date:
>Last-Modified:
>Originator:     imorgan@webcon.net
>Release:        1.3.12
>Organization:
apache
>Environment:
Linux light.webcon.net 2.2.14 #3 SMP Mon Mar 13 14:00:10 EST 2000 i686 unknown
egcs-1.1.2-24
mod_ssl-2.6.0-1.3.12

>Description:
Pages generated by the server during a proxy request (i.e. FTP through the
proxy server) have misleading information in the "ServerSignature" appended
to the page.

i.e. Browser-A connects to FTP-site-C via proxy-server-B. The page returned
contains the usual ftp directory output + proxy server signature:
Apache 1.3.12 Server at FTP-site-C Port 80

Even worse, if ServerSignature is set to "EMail", then the "FTP-site-C" is
linked to "mailto:ServerAdmin@proxy-server-B"!

Obviously the signature is wrong, it should be:
Apache 1.3.12 Server at proxy-server-B Port 80
>How-To-Repeat:
Connect to any FTP site via an Apache proxy server, while
UseCanonicalHostame is Off.
>Fix:
In function ap_psignature: use of ap_get_server_name(r) results in the
remote hostname rather than the local hostname (the proxy server).
It's related to "UseCanonicalHostname Off". Turning it On makes the
ServerSignature correct. This behaviour seems understandable based
on the purpose of UseCanonicalHostname, but causes extreme confusion since the
proxy server is reporting a completely wrong signature.
The ap_psignature needs to ALWAYS report the canonical hostname within
mod_proxy, and use ap_get_server_name everywhere else.
>Release-Note:
>Audit-Trail:
>Unformatted:
 [In order for any reply to be added to the PR database, you need]
 [to include <ap...@Apache.Org> in the Cc line and make sure the]
 [subject line starts with the report component and number, with ]
 [or without any 'Re:' prefixes (such as "general/1098:" or      ]
 ["Re: general/1098:").  If the subject doesn't match this       ]
 [pattern, your message will be misfiled and ignored.  The       ]
 ["apbugs" address is not added to the Cc line of messages from  ]
 [the database automatically because of the potential for mail   ]
 [loops.  If you do not include this Cc, your reply may be ig-   ]
 [nored unless you are responding to an explicit request from a  ]
 [developer.  Reply only with text; DO NOT SEND ATTACHMENTS!     ]