You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2019/06/13 16:29:04 UTC
[Bug 63501] New: PATH_MAX artificially restricts Location path
matching length less than LimitRequestLine
https://bz.apache.org/bugzilla/show_bug.cgi?id=63501
Bug ID: 63501
Summary: PATH_MAX artificially restricts Location path matching
length less than LimitRequestLine
Product: Apache httpd-2
Version: 2.4.39
Hardware: Other
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: Core
Assignee: bugs@httpd.apache.org
Reporter: mark@blackmans.org
Target Milestone: ---
We see errors like
(36)File name too long: [client 10.240.105.17:0] AH00127: Cannot map GET
/aveksa/nnnnnnnn.......nnn
when the PATH component is longer than 4096 characters but still under the
LimitRequestLine.
This appears to be due to the situation outlined in
https://stackoverflow.com/questions/5337891/apache-error-file-name-too-long-cannot-map-get
And filesystem path testing is done even though this URL would get handled by a
Location directive to proxy the request.
IMO paths matching a Location directive should not get mapped to a filesystem
path at all if a SetHandler is used.
Filesystem limitations should be be applied to a request that will never go to
the filesystem.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 63501] PATH_MAX artificially restricts Location path matching
length less than LimitRequestLine
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=63501
mark@blackmans.org changed:
What |Removed |Added
----------------------------------------------------------------------------
Component|Core |mod_rewrite
--- Comment #2 from mark@blackmans.org ---
Reviewing the code, this ap_core_translate only seems to be called by
mod_rewrite and mod_file_cache, and in this case I know that only mod_rewrite
is turned on. So the question is, how do we avoid this code path when a path
matches a Location directive.
https://github.com/apache/httpd/search?q=ap_core_translate&unscoped_q=ap_core_translate
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 63501] PATH_MAX artificially restricts Location path matching
length less than LimitRequestLine
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=63501
--- Comment #5 from Eric Covener <co...@gmail.com> ---
(In reply to mark from comment #4)
> Hi, yes, I just spotted that when I was testing without mod_rewrite.
>
> https://github.com/apache/httpd/blob/
> 4c5c6c659d1e4ebe991f6f629a7cd8c017009a3b/server/core.c#L5900
>
> So, what makes sense to do here? Somehow, when a <Location> matches and a
> handler is defined, ap_core_translate should be skipped?
The precedent in mod_proxy is that if you don't care about URI to filesystem
mapping, you short-circuit it with your own translate_name that runs earlier.
Otherwise, the core doesn't know that a particular handler is going to use the
output of the mapping just because it's not a static file -- for example the
CGI handler uses the output to figure out what to execute.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 63501] PATH_MAX artificially restricts Location path matching
length less than LimitRequestLine
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=63501
Christophe JAILLET <ch...@wanadoo.fr> changed:
What |Removed |Added
----------------------------------------------------------------------------
Component|mod_rewrite |Core
--- Comment #3 from Christophe JAILLET <ch...@wanadoo.fr> ---
Turn back to 'Core' component.
'ap_core_translate()' is also defined in the 'translate_name' hook.
Unless you are sure that mod_rewrite is involved, it is likely not there that
it is hit.
This hook is ran 'ap_run_translate_name()'.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 63501] PATH_MAX artificially restricts Location path matching
length less than LimitRequestLine
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=63501
--- Comment #7 from William A. Rowe Jr. <wr...@apache.org> ---
Actually, the hook map_to_storage is the final intercept point before httpd
attempts to do this itself (which runs last if no module has reacted.)
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 63501] PATH_MAX artificially restricts Location path matching
length less than LimitRequestLine
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=63501
--- Comment #8 from Ruediger Pluem <rp...@apache.org> ---
(In reply to mark from comment #6)
> Ok, thanks, in this case, the handler is the Oracle Webserver Weblogic
> plugin,
> https://docs.oracle.com/middleware/12211/webtier/develop-plugin/overview.
> htm#PLGWL391
>
> So we should ask Oracle to update their plugin to include a translate_name
> handler. That sounds painful, but probably the only option.
>
> I wonder if we should wrap our <Location> inside a <Proxy> or maybe just use
> Proxy. Can you use set-handler inside <Proxy>? I will peer at the docs.
Maybe a crazy idea, but if you write your own translate_name hook in lua?
http://httpd.apache.org/docs/2.4/mod/mod_lua.html#luahooktranslatename
Should be sufficient to return apache2.DECLINED for all but the URL's that
should go to Weblogic and for the ones that should get there set r.filename to
a dummy value (probably it is needed that this file exists and can be stated).
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 63501] PATH_MAX artificially restricts Location path matching
length less than LimitRequestLine
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=63501
--- Comment #10 from mark@blackmans.org ---
https://docs.oracle.com/middleware/12213/webtier/develop-plugin/plugin_params.htm#PLGWL4398
WLForwardUriUnparsed
Default: OFF
Applies to: Oracle HTTP Server, Apache HTTP Server
When set to ON, the WLS plug-in will forward the original URI from the client
to WebLogic Server. When set to OFF (default), the URI sent to WebLogic Server
is subject to modification by mod_rewrite or other web server plug-in modules.
might also help
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 63501] PATH_MAX artificially restricts Location path matching
length less than LimitRequestLine
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=63501
--- Comment #9 from mark@blackmans.org ---
Looking at server-info I see the following for mod_weblogic
Module Name: mod_weblogic.c
Content handlers: yes
Configuration Phase Participation: Create Directory Config, Merge Directory
Configs, Create Server Config, Merge Server Configs
Request Phase Participation: Translate Name, Map to Storage, Fixups, Content
Handlers
In the hooks list:
Translate Name:
00 mod_rewrite.c
00 mod_proxy.c
10 mod_alias.c
10 mod_jk.c
10 mod_weblogic.c
30 core.c
Map to Storage:
-10 core.c
00 mod_proxy.c
10 http_core.c
10 http_core.c
10 mod_jk.c
10 mod_weblogic.c
30 core.c
So I would interpret that as mod_weblogic actually inserting some hooks for
both of those handler phases.
My instinct now is to ditch mod_weblogic for this case and use
mod_proxy_balancer instead. Technically mod_weblogic does the same job as
mod_proxy_balancer, just with some Weblogic custom behaviours that may not be
necessary here.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 63501] PATH_MAX artificially restricts Location path matching
length less than LimitRequestLine
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=63501
--- Comment #4 from mark@blackmans.org ---
Hi, yes, I just spotted that when I was testing without mod_rewrite.
https://github.com/apache/httpd/blob/4c5c6c659d1e4ebe991f6f629a7cd8c017009a3b/server/core.c#L5900
So, what makes sense to do here? Somehow, when a <Location> matches and a
handler is defined, ap_core_translate should be skipped?
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 63501] PATH_MAX artificially restricts Location path matching
length less than LimitRequestLine
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=63501
--- Comment #6 from mark@blackmans.org ---
Ok, thanks, in this case, the handler is the Oracle Webserver Weblogic plugin,
https://docs.oracle.com/middleware/12211/webtier/develop-plugin/overview.htm#PLGWL391
So we should ask Oracle to update their plugin to include a translate_name
handler. That sounds painful, but probably the only option.
I wonder if we should wrap our <Location> inside a <Proxy> or maybe just use
Proxy. Can you use set-handler inside <Proxy>? I will peer at the docs.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 63501] PATH_MAX artificially restricts Location path matching
length less than LimitRequestLine
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=63501
--- Comment #1 from mark@blackmans.org ---
That last line should obviously read..
"Filesystem limitations should *NOT* be applied to a request that will never go
to the filesystem."
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org