https://issues.apache.org/bugzilla/show_bug.cgi?id=52232
Bug #: 52232
Summary: mod_proxy returns 403 forbidden when query string
contains XML fragment
Product: Apache httpd-2
Version: 2.2.17
Platform: Other
OS/Version: Linux
Status: NEW
Severity: major
Priority: P2
Component: mod_proxy_http
AssignedTo: [email protected]
ReportedBy: [email protected]
Classification: Unclassified
Dear Apachean,
Apache HTTPD 2.2.17 is configured with the following reverse proxying
directives:
AllowEncodedSlashes On
ProxyPass /abc/def/ https://other:port/abc/def/
ProxyPassReverse /abc/def/ https://other:port/abd/def/
The requests below are successfully reverse proxied:
https://myhost.mydomain.com/abc/def/page
https://myhost.mydomain.com/abc/def/page?timezone%3DAU%26params%3Dtest
while the request (URL encoded and not encoded) results in a 403 Forbidden error:
You don't have permission to access /abc/def/page on this server.
https://myhost.mydomain.com/abc/def/page?timezone=AU&params=<Params><Param id="ARG_start" val="'now', '-100 days'"/><Param id="ARG_stop" val="'now'"/></Params>
https://myhost.mydomain.com/abc/def/page?timezone%3DAU%26params%3D%3CParams%3E%3CParam%20id%3D%22ARG_start%22%20val%3D%22%27now%27%2C%20%27-100%20days%27%22%2F%3E%3CParam%20id%3D%22ARG_stop%22%20val%3D%22%27now%27%22%2F%3E%3C%2FParams%3E
My conclusion is that the XML passed as parameters is the issue; however, I was
not able to locate anything that explicitly forbids such query strings or makes
such a query string acceptable.
Please advise
Irena