Posted to bugs@httpd.apache.org by bu...@apache.org on 2012/05/24 11:00:48 UTC
[Bug 53286] New: No longer supports rewriting HTTP CONNECT
https://issues.apache.org/bugzilla/show_bug.cgi?id=53286
Priority: P2
Bug ID: 53286
Assignee: bugs@httpd.apache.org
Summary: No longer supports rewriting HTTP CONNECT
Severity: normal
Classification: Unclassified
OS: Linux
Reporter: g.russell@napier.ac.uk
Hardware: PC
Status: NEW
Version: 2.2.22
Component: mod_rewrite
Product: Apache httpd-2
I moved from 2.2.21 to 2.2.22 on Fedora 15, and my mod_rewrite commands are no
longer parsed when the request is the CONNECT method.
It used to be possible and reasonably documented to be able to do rewrites
like:
RewriteCond %{REQUEST_METHOD} ^connect$ [NC]
RewriteCond %{THE_REQUEST} !^connect\ tunnel-([^\ ]+)\.proxymachine\.net:([0-9]+)\ .*$ [NC]
RewriteRule ^(.*)$ $1 [F,L]
I use code like this to rewrite the uri to point to the tunnel endpoint from a
RewriteMap file, and this has worked well for a few years. Even at logging
level 9 nothing is produced in 2.2.22. Reverting the mod_rewrite module to
2.2.21 fixes the issue.
Although not tested, I suspect httpd-2.2.22/modules/mappers/mod_rewrite.c at
line 4268, which returns DECLINED if the uri[0] is not "/". However CONNECT is
more likely to have the format "CONNECT the.machine.com:6000", and this
contains no "/" characters. In fact attempting a CONNECT with a "/" gives an
error very early on in the parse tree.
I think the " r->uri[0] != '/' " test should have been guarded with a "
r->method_number == M_CONNECT " test, but to be honest I have not tested this
except in my head.
Could we also add mod_rewrite parsing CONNECT as a regression test? It is so
useful but perhaps there are only a few of us making use of it that it would
take a while for someone to notice.
Thanks. I hope this report was useful. And by the way thanks for all your
efforts!
Gordon.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
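The guard discussed in this report, modelled as an added example (not code from httpd or from the reporter's patch), comparing the 2.2.22 condition with the proposed CONNECT exemption over several request forms. `struct req`, the `METHOD_*` constants and the sample requests are constructed stand-ins, assuming `uri` holds the `host:port` target for CONNECT as the report describes.

```c
#include <stdio.h>
#include <stddef.h>

/* Stand-ins for the request_rec fields the guard reads (not httpd's types). */
enum method { METHOD_GET, METHOD_OPTIONS, METHOD_CONNECT };

struct req {
    const char *unparsed_uri;
    const char *uri;
    enum method method_number;
};

/* Guard as quoted from 2.2.22: 1 means the hook returns DECLINED. */
static int declined_2_2_22(const struct req *r)
{
    return (r->unparsed_uri[0] == '*' && r->unparsed_uri[1] == '\0')
        || !r->uri || r->uri[0] != '/';
}

/* Guard with the CONNECT exemption proposed in the report. */
static int declined_proposed(const struct req *r)
{
    return (r->unparsed_uri[0] == '*' && r->unparsed_uri[1] == '\0')
        || !r->uri
        || (r->uri[0] != '/' && r->method_number != METHOD_CONNECT);
}

/* Constructed sample requests covering each branch of the condition. */
static const struct req samples[] = {
    { "/index.html",          "/index.html",          METHOD_GET     },
    { "*",                    "*",                    METHOD_OPTIONS },
    { "the.machine.com:6000", "the.machine.com:6000", METHOD_CONNECT },
    { "the.machine.com:6000", "the.machine.com:6000", METHOD_GET     },
    { "/x",                   NULL,                   METHOD_CONNECT },
};

int main(void)
{
    size_t i;
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        const struct req *r = &samples[i];
        printf("%-22s method=%d  2.2.22:%s  proposed:%s\n",
               r->uri ? r->uri : "<null>", (int)r->method_number,
               declined_2_2_22(r) ? "DECLINED" : "rewrite",
               declined_proposed(r) ? "DECLINED" : "rewrite");
    }
    return 0;
}
```

Only the CONNECT request with a `host:port` target changes outcome between the two guards; the same target under another method, the `*` request and the NULL `uri` case are declined by both.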
[Bug 53286] No longer supports rewriting HTTP CONNECT
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=53286
--- Comment #2 from Gordon <g....@napier.ac.uk> ---
Sorry to keep going on...
Looking at my patch maybe the rewritelog line needs to be protected against
r->uri being null? Probably someone with security knowledge should check this!
So maybe:
diff -Npru httpd-2.2.22.orig/modules/mappers/mod_rewrite.c
httpd-2.2.22/modules/
mappers/mod_rewrite.c
--- httpd-2.2.22.orig/modules/mappers/mod_rewrite.c 2012-01-24 19:39:31.0000
00000 +0000
+++ httpd-2.2.22/modules/mappers/mod_rewrite.c 2012-05-24 14:47:49.949153810 +0
100
@@ -4267,10 +4267,14 @@ static int hook_uri2file(request_rec *r)
}
if ((r->unparsed_uri[0] == '*' && r->unparsed_uri[1] == '\0')
- || !r->uri || r->uri[0] != '/') {
+ || !r->uri ||
+ (r->uri[0] != '/' && r->method_number != M_CONNECT)) {
+ rewritelog((r, 2, NULL, "uri %s is considered a security risk",
+ r->uri ? r->uri : "<null>"));
return DECLINED;
}
+
/*
* add the SCRIPT_URL variable to the env. this is a bit complicated
* due to the fact that apache uses subrequests and internal redirects
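Review bot: the r->method_number != M_CONNECT term in the rewritten condition exempts every CONNECT request from the leading-slash test with no check on what r->uri holds in that case, so rules written for URL-paths will now be matched against non-path strings whenever the method is CONNECT. Consider making the exemption opt-in or validating the CONNECT target before letting it through, and add a code comment saying why CONNECT is excepted. The rewritelog message is also emitted for the '*' and NULL-uri cases, where "is considered a security risk" does not describe why the request was declined; neutral wording or a message per case would be clearer.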
[Bug 53286] No longer supports rewriting HTTP CONNECT
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=53286
Rainer Jung <ra...@kippdata.de> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |DUPLICATE
--- Comment #3 from Rainer Jung <ra...@kippdata.de> ---
*** This bug has been marked as a duplicate of bug 52774 ***
[Bug 53286] No longer supports rewriting HTTP CONNECT
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=53286
--- Comment #1 from Gordon <g....@napier.ac.uk> ---
The following patch fixes the problem for me. It also gives some logging for
future users who want to debug similar issues.
-----
diff -Npru httpd-2.2.22.orig/modules/mappers/mod_rewrite.c
httpd-2.2.22/modules/
mappers/mod_rewrite.c
--- httpd-2.2.22.orig/modules/mappers/mod_rewrite.c 2012-01-24 19:39:31.0000
00000 +0000
+++ httpd-2.2.22/modules/mappers/mod_rewrite.c 2012-05-24 14:47:49.949153810 +0
100
@@ -4267,10 +4267,14 @@ static int hook_uri2file(request_rec *r)
}
if ((r->unparsed_uri[0] == '*' && r->unparsed_uri[1] == '\0')
- || !r->uri || r->uri[0] != '/') {
+ || !r->uri ||
+ (r->uri[0] != '/' && r->method_number != M_CONNECT)) {
+ rewritelog((r, 2, NULL, "uri %s is considered a security risk",
+ r->uri));
return DECLINED;
}
+
/*
* add the SCRIPT_URL variable to the env. this is a bit complicated
* due to the fact that apache uses subrequests and internal redirects
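Review bot: the added rewritelog call passes r->uri straight to %s, but this branch is also taken when !r->uri is true, so the log line can be handed a NULL pointer. Guard the argument, for example with r->uri ? r->uri : "<null>", or log only in the r->uri[0] != '/' case. The same message is also produced for the '*' request case, where "security risk" is not the reason for declining.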