You are viewing a plain text version of this content. The canonical link for it is here.

Posted to apache-bugdb@apache.org by Cere Davis <ce...@u.washington.edu> on 1998/03/10 06:49:18 UTC

mod_proxy/1929: ProxyPass redirects with URL showing for requests made with the tilde

>Number:         1929
>Category:       mod_proxy
>Synopsis:       ProxyPass redirects with URL showing for requests made with the tilde
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    apache
>State:          open
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Mon Mar  9 21:50:00 PST 1998
>Last-Modified:
>Originator:     cere@u.washington.edu
>Organization:
apache
>Release:        
>Environment:
Digital Unix 4.0B OSF1 pathclevel6
>Description:
ProxyPass shows redirected URL when URL uses the ~ character.

eg: http://www.oz.net/~cere will break ProxyPasses hidden redirection.

>How-To-Repeat:
Easy. Setup a ProxyPass statement like ProxyPass / http://eatme.com/
then query your proxy server (called foo.com) to http://foo.com/~cere
and watch it redirect you and then show you the redirected URL in the location
bar of your browser..
>Fix:
This problem was almost fixed between version 1.2.5 and 1.3.x but not quite...

I'm sure that it will be obvious to the person that patched the last ProxyPass
problem that was similar to this; which was that for ANY URL ProxyPass would
redirect but not hide the URL
>Audit-Trail:
>Unformatted:
[In order for any reply to be added to the PR database, ]
[you need to include <ap...@Apache.Org> in the Cc line ]
[and leave the subject line UNCHANGED.  This is not done]
[automatically because of the potential for mail loops. ]