Hi,
When apache is used with mod_proxy as reverse proxy and not proxy, and when
there is a %00 in the url, the request is directly refused by the reverse proxy.
In the code, in ap_process_request_internal function (server/request.c):
/* Ignore embedded %2F's in path for proxy requests */
if (!r->proxyreq && r->parsed_uri.path) {
core_dir_config *d;
d = ap_get_module_config(r->per_dir_config, &core_module);
if (d->allow_encoded_slashes) {
access_status = ap_unescape_url_keep2f(r->parsed_uri.path);
}
else {
access_status = ap_unescape_url(r->parsed_uri.path);
}
if (access_status) {
if (access_status == HTTP_NOT_FOUND) {
if (! d->allow_encoded_slashes) {
ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r,
"found %%2f (encoded '/') in URI "
"(decoded='%s'), returning 404",
r->parsed_uri.path);
}
}
return access_status;
}
}
If mod_proxy is used, r->proxyreq contains something at this step, but if it's
used as a reverse proxy, r->proxyreq is empty and this block is executed.
The request containing %00 is answered as a 404 without contacting the backend
server.
Is there a reason to not reverse proxy a request containing a %00 ?
Cheers,
Matthieu
