It should be RewriteRule not RewriteMap in my previous mail. I
simplified the config to a single RewriteRule but forgot to adjst
subject and intro of my mail. The problem remains the same.
On 23.03.2012 18:00, Rainer Jung wrote:
It seems using a rewrite map in a forward proxy is broken in 2.2.22. It
was working until 2.2.21. The problem is the fix for CVE-2011-4317 which
returns DECLINED in hook_uri2file() in mod_rewrite.
The config is roughly:
Listen 3128
<VirtualHost *:3128>
ProxyRequests on
RewriteEngine on
RewriteRule http://myserver.example.com/dummy.txt
/opt/apache/htdocs/dummy.txt
</VirtualHost>
The actual config is more complex, but the above suffices to reproduce.
In case you wonder why one would want to do that: the real config has a
list of rewrite rules (actually a rewrite map) containing URLs of large
files which have been deployed directly on the forward proxy and should
not be proxied, instead be delivered from the local file system.
The actual rules then have a part that fall back to normal proxying any
URL, which is not handled by the rewrite rules. I ommitted these here,
because they are not relevant for reproduction.
I added a log statement and it is indeed the new "return DECLINED" we
have backported from trunk in 2.2.22. The triggering case is that the
uri does not start with a "/".
Test case:
curl -x localhost:3128 http://myserver.example.com/dummy.txt
Expected result: getting the file /opt/data/dummy.txt
Actual result: The RewriteMap is not being called, instead the fallback
config I removed here is executed and the file is retrieved from the
origin server
Any idea how to fix? Or do you think this is correct behaviour?
Regards,
Rainer
--
kippdata
informationstechnologie GmbH Tel: 0228 98549 -0
Bornheimer Str. 33a Fax: 0228 98549 -50
53111 Bonn www.kippdata.de
HRB 8018 Amtsgericht Bonn / USt.-IdNr. DE 196 457 417
Geschäftsführer: Dr. Thomas Höfer, Rainer Jung, Sven Maurmann
