You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by Mike Cardwell <ap...@lists.grepular.com> on 2007/03/07 15:48:16 UTC

[users@httpd] Re: mod_proxy doesn't proxy with %2F

* on the Wed, Mar 07, 2007 at 10:28:22AM +0000, Mike Cardwell wrote:

> Using the standard Redhat Enterprise 4, Apache 2.0.52 RPMs here. I have
> a CommunigatePro server. It runs it's own http daemon for the
> administration interface, and webmail. We needed to extend it in several
> ways, so I stuck an Apache mod_proxy in front of it. Here's the config I
> used which works fine:
> 
> ProxyPass        / https://127.0.0.1:9100/
> ProxyPassReverse / https://127.0.0.1:9100/
> 
> However. When using webmail, if you go to view an attachment like for
> example "filename.txt" from message "message_id" in folder "INBOX" the
> url would look like:
> 
> https://the.domain/session/session_id/MessagePart/INBOX/message_id/filename.txt
> 
> That works absolutely fine. The problem is when the file is in a
> subfolder, eg "INBOX/Archive". Then the url becomes:
> 
> https://the.domain/session/session_id/MessagePart/INBOX%2FArchive/message_id/filename.txt
> 
> With the url above, mod_proxy simply does *nothing*, I get an Apache 404
> error message because the path doesn't exist locally because mod_proxy
> hasn't attempted to do the proxying. I've used tcpdump to verify that
> there is no connection to port 9100 when I make the request.
> 
> Is this a bug, or am I doing something dumb?

This was on the dev list. I've brought it onto the users list as I no
longer think it's a bug as such. Please see my original email above, and
my update below for the issue.

Right. I've made a *little* progress. Reading the core docs I found:

"The AllowEncodedSlashes directive allows URLs which contain encoded path
separators (%2F for /  and additionally %5C for \ on according systems)
to be used. Normally such URLs are refused with a 404 (Not found)
error."

So these requests are being 404'd simply for containing %2F's in the
path. When I turn on encoded slashes with:

AllowEncodedSlashes On

It starts to proxy. But it starts to proxy the wrong thing

Requests for:
https://the.domain/session/session_id/MessagePart/INBOX%2FArchive/message_id/filename.txt

Get proxied to:

https://127.0.0.1:9100/session/session_id/MessagePart/INBOX/Archive/message_id/filename.txt

I need it to be proxied to:

https://127.0.0.1:9100/session/session_id/MessagePart/INBOX%2FArchive/message_id/filename.txt

Where do I go from here?

Mike

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] Re: mod_proxy doesn't proxy with %2F

Posted by Mike Cardwell <ap...@lists.grepular.com>.

* on the Wed, Mar 07, 2007 at 01:50:18PM -0500, Jack Saunders wrote:

>>> This was on the dev list. I've brought it onto the users list as I no
>>> longer think it's a bug as such. Please see my original email above, and
>>> my update below for the issue.
>>>
>>> Right. I've made a *little* progress. Reading the core docs I found:
>>>
>>> "The AllowEncodedSlashes directive allows URLs which contain encoded path
>>> separators (%2F for /  and additionally %5C for \ on according systems)
>>> to be used. Normally such URLs are refused with a 404 (Not found)
>>> error."
>>>
>>> So these requests are being 404'd simply for containing %2F's in the
>>> path. When I turn on encoded slashes with:
>>>
>>> AllowEncodedSlashes On
>>>
>>> It starts to proxy. But it starts to proxy the wrong thing
>>>
>>> Requests for:
>>> 
>>> https://the.domain/session/session_id/MessagePart/INBOX%2FArchive/message_id/filename.txt
>>>
>>> Get proxied to:
>>>
>>> 
>>> https://127.0.0.1:9100/session/session_id/MessagePart/INBOX/Archive/message_id/filename.txt
>>>
>>> I need it to be proxied to:
>>>
>>> 
>>> https://127.0.0.1:9100/session/session_id/MessagePart/INBOX%2FArchive/message_id/filename.txt
>>>
>>> Where do I go from here?
>> I've sorted this now. Using a combination of AllowEncodedSlashes,
>> mod_rewrite and an external script called as a RewriteMap to change /'s
>> to %2F's. A horrible, unholy hack, but it works.
> I was running into the exact same issue with proxying to a lotus
> Workplace (Quickplace) application.  Can you give me more indepth
> information on how you resolved this.

Hi Jack. It's a horrible hack but it works for me. You'll need to make
some changes obviously to get it to work for you, but hopefully this'll
point you in the right direction...

The original request:

https://the.domain/session/session_id/MessagePart/INBOX%2FArchive/message_id/filename.txt

What I wanted that to proxy to:

https://127.0.0.1:9100/session/session_id/MessagePart/INBOX%2FArchive/message_id/filename.txt

Now, you'd think that would be fairly easy wouldn't you? ;) Apache returned
404 before it even got to mod_proxy because the URL contained %2F. So I
turned on the AllowEncodedSlashes directive. See
http://httpd.apache.org/docs/2.0/mod/core.html#allowencodedslashes for a
description of the default %2F behaviour, and how AllowEncodedSlashes
changes that.

Enabling that option then meant that the request was getting to
mod_proxy. However, mod_proxy was seeing
"/session/session_id/MessagePart/INBOX/Archive/message_id/filename.txt"
rather than
"/session/session_id/MessagePart/INBOX%2FArchive/message_id/filename.txt"

I needed to maintain the encoded forward slashes. So instead of using
mod_proxy for these particular requests directly, I set up a mod_rewrite
rule. I needed to split the path into three parts, and encode the middle
part, then stick them back together, before proxying using mod_rewrite:

Part1: /session/session_id/MessagePart/
Part2: Bit to be encoded
Part3: message_id/filename.txt

I wrote an external script to be used with RewriteMap to encode the
middle part:

=======================================================================
#!/usr/bin/perl
$|=1;
while(<STDIN>){
   s/\//\%2F/g;
   print;
}
=======================================================================

I then defined the RewriteMap for the script:

     RewriteMap encode_slashes prg:/etc/httpd/conf.d/rewrite_slashes.pl

I then added the following rewrite rules:

     RewriteCond %{REQUEST_URI} ^/session/[^/]+/MessagePart/
     RewriteRule ^proxy:(https://127.0.0.1:9100/session/[^/]+/MessagePart/)(.+)(/[^/]+/[^/]+)$ $1${encode_slashes:$2}$3 [P]

Hope this helps,

Mike

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] Re: mod_proxy doesn't proxy with %2F

Posted by Jack Saunders <ja...@gmail.com>.

Mike,

I was running into the exact same issue with proxying to a lotus
Workplace (Quickplace) application.  Can you give me more indepth
information on how you resolved this.

Thanks a bunch!
Jack

On 3/7/07, Mike Cardwell <ap...@lists.grepular.com> wrote:
> * on the Wed, Mar 07, 2007 at 02:48:16PM +0000, Mike Cardwell wrote:
>
> > This was on the dev list. I've brought it onto the users list as I no
> > longer think it's a bug as such. Please see my original email above, and
> > my update below for the issue.
> >
> > Right. I've made a *little* progress. Reading the core docs I found:
> >
> > "The AllowEncodedSlashes directive allows URLs which contain encoded path
> > separators (%2F for /  and additionally %5C for \ on according systems)
> > to be used. Normally such URLs are refused with a 404 (Not found)
> > error."
> >
> > So these requests are being 404'd simply for containing %2F's in the
> > path. When I turn on encoded slashes with:
> >
> > AllowEncodedSlashes On
> >
> > It starts to proxy. But it starts to proxy the wrong thing
> >
> > Requests for:
> > https://the.domain/session/session_id/MessagePart/INBOX%2FArchive/message_id/filename.txt
> >
> > Get proxied to:
> >
> > https://127.0.0.1:9100/session/session_id/MessagePart/INBOX/Archive/message_id/filename.txt
> >
> > I need it to be proxied to:
> >
> > https://127.0.0.1:9100/session/session_id/MessagePart/INBOX%2FArchive/message_id/filename.txt
> >
> > Where do I go from here?
>
> I've sorted this now. Using a combination of AllowEncodedSlashes,
> mod_rewrite and an external script called as a RewriteMap to change /'s
> to %2F's. A horrible, unholy hack, but it works.
>
> Mike
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] Re: mod_proxy doesn't proxy with %2F

Posted by Mike Cardwell <ap...@lists.grepular.com>.

* on the Wed, Mar 07, 2007 at 02:48:16PM +0000, Mike Cardwell wrote:

> This was on the dev list. I've brought it onto the users list as I no
> longer think it's a bug as such. Please see my original email above, and
> my update below for the issue.
> 
> Right. I've made a *little* progress. Reading the core docs I found:
> 
> "The AllowEncodedSlashes directive allows URLs which contain encoded path
> separators (%2F for /  and additionally %5C for \ on according systems)
> to be used. Normally such URLs are refused with a 404 (Not found)
> error."
> 
> So these requests are being 404'd simply for containing %2F's in the
> path. When I turn on encoded slashes with:
> 
> AllowEncodedSlashes On
> 
> It starts to proxy. But it starts to proxy the wrong thing
> 
> Requests for:
> https://the.domain/session/session_id/MessagePart/INBOX%2FArchive/message_id/filename.txt
> 
> Get proxied to:
> 
> https://127.0.0.1:9100/session/session_id/MessagePart/INBOX/Archive/message_id/filename.txt
> 
> I need it to be proxied to:
> 
> https://127.0.0.1:9100/session/session_id/MessagePart/INBOX%2FArchive/message_id/filename.txt
> 
> Where do I go from here?

I've sorted this now. Using a combination of AllowEncodedSlashes,
mod_rewrite and an external script called as a RewriteMap to change /'s
to %2F's. A horrible, unholy hack, but it works.

Mike

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org