https://issues.apache.org/bugzilla/show_bug.cgi?id=50589
Summary: Tilde characters are ALWAYS escaped by mod_proxy in
Apache 2.0.x
Product: Apache httpd-2
Version: 2.0.64
Platform: All
OS/Version: All
Status: NEW
Severity: trivial
Priority: P2
Component: mod_proxy
AssignedTo: [email protected]
ReportedBy: [email protected]
I've been using Apache's mod_proxy module recently when I came across a bug.
Addresses of the form:
www.zappos.com/donald-j-pliner-womens-boots~2
were being converted to
www.zappos.com/donald-j-pliner-womens-boots%7E2
When the Zappos servers see a url with %7E in them it will respond
with an HTTP 301 Moved Permanently to the same url with a decoded ~.
Tshark dump follows:
Hypertext Transfer Protocol
HTTP/1.1 301 Moved Permanently\r\n
[Expert Info (Chat/Sequence): HTTP/1.1 301 Moved Permanently\r\n]
[Message: HTTP/1.1 301 Moved Permanently\r\n]
[Severity level: Chat]
[Group: Sequence]
Request Version: HTTP/1.1
Response Code: 301
Server: nginx/0.8.34\r\n
Content-Type: text/html\r\n
Content-Length: 185\r\n
[Content length: 185]
Location: /donald-j-pliner-womens-boots~2\r\n
X-Core-Value: 6. Build Open and Honest Relationships With Communication\r\n
X-Recruiting: If you're reading this, maybe you should be working
at Zappos instead. Check out jobs.zappos.com\r\n
Vary: Accept-Encoding\r\n
Date: Fri, 14 Jan 2011 00:33:56 GMT\r\n
Connection: close\r\n
\r\n
Line-based text data: text/html
<html>\r\n
<head><title>301 Moved Permanently</title></head>\r\n
<body bgcolor="white">\r\n
<center><h1>301 Moved Permanently</h1></center>\r\n
<hr><center>nginx/0.8.34</center>\r\n
</body>\r\n
</html>\r\n
Because mod_proxy will always escape ~ into %7E this will quickly lead
to an infinite redirect loop (luckily most applications will get the
hint quickly).
I dug into why this is and came up with the following message:
http://marc.info/?l=apache-bugdb&m=99926707930303&w=2
Digging further I even found a commit to the Apache 2.2 branch:
http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modules/proxy/proxy_util.c?view=log&pathrev=571456
However, when I looked for a similar change in Apache 2.0.64 I notice
it was not present
http://svn.apache.org/viewvc/httpd/httpd/branches/2.0.x/modules/proxy/proxy_util.c?revision=563329&view=markup
line 137
I assume it just never got back-ported.
I went to file a bug on the Apache website, but it suggested I ping
this mailing list first (http://httpd.apache.org/bug_report.html)
While Zappos' redirection is non-standard, forcing the URLEncoding of
the tilde character is not in keeping with RFC 2396 which supersedes
RFC 1738 and specifically states:
2.3. Unreserved Characters
Data characters that are allowed in a URI but do not have a reserved
purpose are called unreserved. These include upper and lower case
letters, decimal digits, and a limited set of punctuation marks and
symbols.
unreserved = alphanum | mark
mark = "-" | "_" | "." | "!" | "~" | "*" | "'" | "(" | ")"
Unreserved characters can be escaped without changing the semantics
of the URI, but this should not be done unless the URI is being used
in a context that does not allow the unescaped character to appear.
There for, I would recommend a similar change to Apache 2.0.x's
proxy_util.c in keeping with Apache 2.2.x's revision 571436.
Specifically, line 137, which reads:
allowed = "$-_.+!*'(),;:@&=";
should read:
allowed = "~$-_.+!*'(),;:@&=";
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
