You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Alberto Barbati <ab...@iaanus.com> on 2005/03/15 15:54:53 UTC
[users@httpd] BUG? RewriteEngine from VirtualHost invoked on response to CONNECT
Hi Everybody,
[Fedora Core 3, httpd 2.0.52]
as many of us, I periodically see in my logs an attempt to check the
proxy capabilities of my server, namely the request "CONNECT
1.3.3.7:1337 HTTP/1.0".
I would expect the request to fail with a result of 4xx (405 to be
exact). With my surprise, I found that the request succeded with a
result of 301 (redirect permanently) instead. As the redirected URL
contained the string "/mailman/info" I quickly understood that the
problem was in the configuration of one of my virtual hosts (the one
that handles mailman lists):
--------------
<VirtualHost X.X.X.X:80>
ServerName lists
ServerAlias lists.*
UseCanonicalName Off
RewriteEngine On
RewriteRule ^/(mailman/?)?$ /mailman/listinfo [R=permanent,L]
[rest omitted for brevity]
</VirtualHost>
--------------
The one above is the only occurrence of "RewriteEngine On" in my whole
configuration.
It seems that the CONNECT request has been processed by mod_rewrite
according to a directive that should be restricted to my named-based
virtual host. This looks very fishy to me.
As a workaround, I added
RewriteCond %{REQUEST_METHOD} ^GET$
before the RewriteRule, yet I think my original configuration had
nothing wrong and Apache should have behaved differently.
Is it a bug in Apache? Has it been fixed in 2.0.53 (o later)? Am I
missing something?
Thanks in advance,
Alberto
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] BUG? RewriteEngine from VirtualHost invoked on response to CONNECT
Posted by Noah <si...@onastick.net>.
On Tue, Mar 15, 2005 at 03:54:53PM +0100, Alberto Barbati wrote:
> Hi Everybody,
>
> [Fedora Core 3, httpd 2.0.52]
>
> as many of us, I periodically see in my logs an attempt to check the
> proxy capabilities of my server, namely the request "CONNECT
> 1.3.3.7:1337 HTTP/1.0".
>
> --------------
> <VirtualHost X.X.X.X:80>
> ServerName lists
> ServerAlias lists.*
> UseCanonicalName Off
>
> RewriteEngine On
> RewriteRule ^/(mailman/?)?$ /mailman/listinfo [R=permanent,L]
>
> [rest omitted for brevity]
>
> </VirtualHost>
> --------------
>
> It seems that the CONNECT request has been processed by mod_rewrite
> according to a directive that should be restricted to my named-based
> virtual host. This looks very fishy to me.
If this is the first VirtualHost block in your httpd.conf, it's the
'default' VirtualHost, and is the one Apache will use for requests that
don't match an explicit VirtualHost block. So, if the CONNECT request
was issued to your IP address and no Host: header was sent, the default
VirtualHost block will get used. See 'Using Name-based Virtual Hosts' at
http://httpd.apache.org/docs/vhosts/name-based.html, and the
<VirtualHost> documentation at
http://httpd.apache.org/docs/mod/core.html#virtualhost.
--n
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] BUG? RewriteEngine from VirtualHost invoked on
response to CONNECT
Posted by Alberto Barbati <ab...@iaanus.com>.
Joshua Slive wrote:
>On Tue, 15 Mar 2005 15:54:53 +0100, Alberto Barbati <ab...@iaanus.com> wrote:
>
>
>I assume that is the virtual host listed first in your config file?
>Then it is perfectly expected that it should be serving all requests
>that don't otherwise belong to another virtual host. See:
>http://httpd.apache.org/docs/misc/FAQ.html#proxyscan
>
>
You're correct. I didn't realize it was the first virtual host as its
configuration was in conf.d/mailman.conf, which is included before my
other virtual hosts. I moved it elsewhere (as it should have been in the
first place) and added a default virtual host with "deny from all" as
described in the link you sent. Now I feel much better.
Thanks a lot for the help.
Alberto
PS: Thanks to Noah too!
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] BUG? RewriteEngine from VirtualHost invoked on response to CONNECT
Posted by Joshua Slive <js...@gmail.com>.
On Tue, 15 Mar 2005 15:54:53 +0100, Alberto Barbati <ab...@iaanus.com> wrote:
> Hi Everybody,
>
> [Fedora Core 3, httpd 2.0.52]
>
> as many of us, I periodically see in my logs an attempt to check the
> proxy capabilities of my server, namely the request "CONNECT
> 1.3.3.7:1337 HTTP/1.0".
>
> I would expect the request to fail with a result of 4xx (405 to be
> exact). With my surprise, I found that the request succeded with a
> result of 301 (redirect permanently) instead. As the redirected URL
> contained the string "/mailman/info" I quickly understood that the
> problem was in the configuration of one of my virtual hosts (the one
> that handles mailman lists):
>
> --------------
> <VirtualHost X.X.X.X:80>
> ServerName lists
> ServerAlias lists.*
> UseCanonicalName Off
>
> RewriteEngine On
> RewriteRule ^/(mailman/?)?$ /mailman/listinfo [R=permanent,L]
>
> [rest omitted for brevity]
>
> </VirtualHost>
> --------------
>
> The one above is the only occurrence of "RewriteEngine On" in my whole
> configuration.
>
> It seems that the CONNECT request has been processed by mod_rewrite
> according to a directive that should be restricted to my named-based
> virtual host. This looks very fishy to me.
I assume that is the virtual host listed first in your config file?
Then it is perfectly expected that it should be serving all requests
that don't otherwise belong to another virtual host. See:
http://httpd.apache.org/docs/misc/FAQ.html#proxyscan
Joshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org