https://bz.apache.org/bugzilla/show_bug.cgi?id=63437
--- Comment #13 from Joe Orton <[email protected]> --- We've had a small number of reports that the CVE-2019-0220 fix breaks previously working configurations, usually quite surprising or unusual configs which have simple workarounds. Most often these are cases which do clearly need "MergeSlashes Off" configured, e.g. where an application embeds full URLs within the path of an http[s]:// URL. The one given here is a surprising combination of forward and reverse proxy (RewriteRule .. [P]), and it is not obvious to me how we can address it w/o reverting the fix. The string matched by mod_rewrite for a forward proxy configuration with the proxy: prefix is kind of an internal implementation detail - pseudo-URI - with the proxy: prefix - and behaves oddly. For this configuration something like: <ProxyMatch http://httpd.apache.org/> RewriteEngine On RewriteRule httpd.apache.org/(.*) https://httpd.apache.org/$1 [L] </ProxyMatch> would seem more natural. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
