On 6/9/20 12:05 PM, jean-frederic clere wrote:
> Hi,
>
> Basically it adds servletnormalizecheck to mod_proxy for
> ProxyPass/ProxyPassMatch and mod_rewrite when using P
> I have tested the following uses:
> #ProxyPass /docs ajp://localhost:8009/docs secret=%A1b2!@
> servletnormalizecheck
>
> #ProxyPassMatch "^/docs(.*)$" "ajp://localhost:8009/docs$1" secret=%A1b2!@
> servletnormalizecheck
>
> #RewriteEngine On
> #RewriteRule "^/docs(.*)$" "ajp://localhost:8009/docs$1" [P,SNC]
> #<Proxy "ajp://localhost:8009/docs">
> #ProxySet connectiontimeout=5 timeout=30 secret=%A1b2!@
> #</Proxy>
>
> #<Location "/docs">
> # ProxyPass ajp://localhost:8009/docs secret=%A1b2!@ servletnormalizecheck
> #</Location>
>
> What is not supported is
> curl -v --path-as-is
> "http://localhost:8000/docs/..;foo=bar/;foo=bar/test/index.jsp";
>
> that could be remapped to
> ProxyPass /test ajp://localhost:8009/test secret=%A1b2!@
> servletnormalizecheck
> or a <location test/>
>
> Comments?
I understood from Mark that the request you do above with curl should not be
denied but just mapped to /test.
But rethinking that, it becomes real fun: For mapping we should use the URI
stripped off path parameters and then having done the
shrinking operation (servlet normalized) but we should use the original URI
having done the shrinking operation with path
parameters to sent to the backend. That might work for a simple prefix
matching, but it seems to be very difficult for regular
expression scenarios where you might use complex captures from the matching to
build the result. But if the matching was done
against the servlet normalized URI the captures might be different, than the
ones you would have got when doing the same against
not normalized URI. So I am little bit lost here.
What if we just have an option on virtual host base to drop path parameters of
the following kind
s#/([.]{0,2})(;[^/]*)/#/$1/g
do the usual shrinking operation afterwards and just process them afterwards as
usual.
Regards
Rüdiger
