On 17/06/2020 13:26, Yann Ylavic wrote:
On Sat, Jun 13, 2020 at 11:18 AM jean-frederic clere <jfcl...@gmail.com> wrote:
On 11/06/2020 13:50, Yann Ylavic wrote:
On Thu, Jun 11, 2020 at 1:22 PM Yann Ylavic <ylavic....@gmail.com> wrote:
On Thu, Jun 11, 2020 at 9:57 AM Yann Ylavic <ylavic....@gmail.com> wrote:
On Thu, Jun 11, 2020 at 9:50 AM Yann Ylavic <ylavic....@gmail.com> wrote:
We need a way to forward non %-decoded URLs up to mod_proxy (reverse)
if we want to normalize a second time..
IOW, this block in ap_process_request_internal():
[snip]
Should go _after_ the following:
[snip]
Or we could introduce a new pre_translate_name hook which would
execute before %-decoding, and be used by mod_proxy when
"ProxyPreTranslation on" is configured, and be a prerequisite for
mapping=servlet.
I find ProxyPreTranslation also useful for the non-servlet case btw.
Something like this attached v2 patch.
Here is a v3 with the relevant pre_translate_name hooks only and
ap_getparents() preserved when the URI does not start with '/' (which
makes the patch read better too).
With this patch, how do I get:
curl -v --path-as-is "http://localhost:8000/docs/..;food=bar/test/index.jsp"
Mapped to
ProxyPass /test ajp://localhost:8009/test secret=%A1b2!@
Or rejected in case I have only:
ProxyPass /docs ajp://localhost:8009/docs secret=%A1b2!@
Right sorry, it does not work with patch v3, I mainly focused on the
"decode at the right place" part of the issue, which is not your
point..
I just staged a more complete proposal in
https://github.com/apache/httpd/pull/128
For the proxy servlet part, I think that we need a dedicated
alias_match() for servlet mapping (called alias_match_servlet() in the
PR), we can't normalize and match separately or the matched length is
completely off wrt the original URI-path.
Can you please try with the patches there? (the last is not really
necessary, it's just to complete the PR should this be merged).
You need to set:
ProxyMappingDecoded off
in your vhost (or directory) for servlet mapping to be active, with a
ProxyPass like:
ProxyPass /good/ http://127.0.0.1:80/good/ mapping=servlet
I tried with paths like
"/bad/..;foo=bar/.;foo=bar//other;foo=bar//..;foo=bar/good;foo1=bar1/;foo2=bar2/.;foo3=bar3///./index.html"
which results in "/good/;foo2=bar2/.;foo3=bar3///./index.html" being
forwarded, still things that shouldn't be seem to be declined.
The code in alias_match_servlet() is not really simple, but neither is
servlet mapping..
OK we are going forward:
ProxyMappingDecoded Off
ProxyPass /test ajp://localhost:8009/test secret=%A1b2!@
and curl -v --path-as-is
"http://localhost:8000/docs/..;food=bar/test/index.jsp" 404 httpd.
ProxyMappingDecoded Off
ProxyPass /test ajp://localhost:8009/test secret=%A1b2!@ mapping=servlet
and curl -v --path-as-is
"http://localhost:8000/docs/..;food=bar/test/index.jsp" 200 tc URL:
http://localhost:8000/test/index.jsp
but curl -v --path-as-is
"http://localhost:8000/docs/..;food=bar/test;food=bar/index.jsp" 404 httpd
what is going wrong with
"http://localhost:8000/docs/..;food=bar/test;food=bar/index.jsp"
same for curl -v --path-as-is
"http://localhost:8000/test;food=bar/index.jsp"
ProxyMappingDecoded On
ProxyPass /test ajp://localhost:8009/test secret=%A1b2!@ mapping=servlet 404 httpd.
ProxyMappingDecoded On
ProxyPass /test ajp://localhost:8009/test secret=%A1b2!@ 404 httpd.
Comments?
Regards,
Yann.
--
Cheers
Jean-Frederic
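
As an added illustration of the servlet-mapping discussion in this thread (not code from the thread or from the pull request): a C sketch that matches an alias while normalizing the URI-path in the same pass, so the returned length is an offset into the original, un-normalized path. The name `servlet_prefix_len` is hypothetical, and declining when the remainder climbs back above the alias with `..` is a choice of this sketch.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not httpd's alias_match_servlet(): returns how many
 * bytes of the ORIGINAL uri the alias covers once ";params" are stripped and
 * "//", "." and ".." are resolved segment by segment; 0 means decline. */
static size_t servlet_prefix_len(const char *uri, const char *alias)
{
    char norm[1024] = "";               /* normalized path, no trailing '/' */
    size_t alen = strlen(alias), i = 0, matched = 0;
    int slash, below = 0;               /* below: remainder depth under alias */
    if (uri[0] != '/' || alias[0] != '/' || strlen(uri) >= sizeof(norm))
        return 0;
    slash = alen > 1 && alias[alen - 1] == '/';
    alen -= slash;                      /* compare without the trailing '/' */
    while (uri[i] == '/') {
        const char *seg = uri + ++i;    /* segment starts after the '/' */
        size_t name = strcspn(seg, ";/");   /* length without ;params */
        i += strcspn(seg, "/");         /* i is now at the next '/' or NUL */
        if (name == 0 || (name == 1 && seg[0] == '.'))
            continue;                   /* "//", "/;x=y/" and "/./" vanish */
        if (name == 2 && seg[0] == '.' && seg[1] == '.') {
            char *up = strrchr(norm, '/');
            if (matched && --below < 0)
                return 0;               /* remainder climbs out of the alias */
            if (!matched && up)
                *up = '\0';             /* pop the previous segment */
            continue;
        }
        if (matched) {
            below++;
            continue;
        }
        strcat(norm, "/");
        strncat(norm, seg, name);
        if (strlen(norm) == alen && !strncmp(norm, alias, alen)
            && (!slash || uri[i] == '/'))
            matched = i + slash;        /* offset in the original URI */
    }
    return matched;
}

int main(void)
{
    /* URI-path quoted in the thread; alias taken from its ProxyPass line */
    const char *uri = "/bad/..;foo=bar/.;foo=bar//other;foo=bar//..;foo=bar/"
                      "good;foo1=bar1/;foo2=bar2/.;foo3=bar3///./index.html";
    printf("/good/%s\n", uri + servlet_prefix_len(uri, "/good/"));
    return 0;
}
```

Normalizing into a separate string and matching the alias against that string afterwards would return a length that no longer lines up with the original path, which is the problem the thread attributes to normalizing and matching separately.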