DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUGĀ· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=41798>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED ANDĀ· INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=41798 Summary: mod_proxy rewrites url paths badly Product: Apache httpd-2 Version: 2.2.0 Platform: All OS/Version: other Status: NEW Severity: normal Priority: P2 Component: mod_proxy AssignedTo: [email protected] ReportedBy: [EMAIL PROTECTED] This is related to bugs 39746 and 38448. After turning on AllowEncodedSlashes, Apache lets us use percent encoded forward slashes in the path. Eg: "http://foo/hello%2Fworld"; When using "ProxyPass / http://bar/"; mod_proxy makes a request for: "http://bar/hello/world"; That is wrong as I understand it. The forward slash at the end should be encoded still. RFC-1738, section 3.3 regarding HTTP URLs: "Within the <path> and <searchpart> components, "/", ";", "?" are reserved. The "/" character may be used within HTTP to designate a hierarchical structure." So... The forward slash is a reserved character. Section 2.2 says the following about reserved characters: "If the character corresponding to an octet is reserved in a scheme, the octet must be encoded." So as far as I can see http://foo/hello%2Fworld and http://foo/hello/world are distinctly different HTTP URLs that should be allowed to behave differently. Just because Apache treats them the same when serving local content, doesn't mean that other servers do when you're proxying the request to them, so I don't think the path should be rewritten in the way mod_proxy is doing it... Perhaps there should be an option called something like "ProxyPreservePathEncoding" which when turned on, means that *no* encoding/decoding of the path in the url is performed before it is proxied... If my browser makes a request for "http://foo/hello%2Fworld"; and I have "ProxyPass / http://bar/"; I *expect* it to call "http://bar/hello%2Fworld"; not "http://bar/hello/world"; as it does currently. It *should* be the default behaviour, but that would probably not be backwards compatible. Mike -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
