I don't remember this at all, is it completely wrong? I guess at the very least If you proxied in per-directory rewrite, you could make use of ProxyPassReverse in <Directory> all things being equal.
https://issues.apache.org/bugzilla/show_bug.cgi?id=47765 https://issues.apache.org/bugzilla/show_bug.cgi?id=54616 ---------- Forwarded message ---------- From: <[email protected]> Date: Fri, Nov 5, 2010 at 4:03 PM Subject: svn commit: r1031758 - in /httpd/httpd/trunk: CHANGES modules/proxy/mod_proxy.c To: [email protected] Author: covener Date: Fri Nov 5 20:03:02 2010 New Revision: 1031758 URL: http://svn.apache.org/viewvc?rev=1031758&view=rev Log: PR47765: ProxyPass and ProxyPassReverse should not be accepted in Directory or Files sections. Modified: httpd/httpd/trunk/CHANGES httpd/httpd/trunk/modules/proxy/mod_proxy.c Modified: httpd/httpd/trunk/CHANGES URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1031758&r1=1031757&r2=1031758&view=diff ============================================================================== --- httpd/httpd/trunk/CHANGES [utf-8] (original) +++ httpd/httpd/trunk/CHANGES [utf-8] Fri Nov 5 20:03:02 2010 @@ -6,6 +6,9 @@ Changes with Apache 2.3.9 Fix a denial of service attack against mod_reqtimeout. [Stefan Fritsch] + *) mod_proxy: Don't allow ProxyPass or ProxyPassReverse in + <Directory> or <Files>. PR47765 [Eric Covener] + *) prefork/worker/event MPMS: default value (when no directive is present) of MaxConnectionsPerChild/MaxRequestsPerChild is changed to 0 from 10000 to match default configuration and manual. PR47782 [Eric Covener] Modified: httpd/httpd/trunk/modules/proxy/mod_proxy.c URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy.c?rev=1031758&r1=1031757&r2=1031758&view=diff ============================================================================== --- httpd/httpd/trunk/modules/proxy/mod_proxy.c (original) +++ httpd/httpd/trunk/modules/proxy/mod_proxy.c Fri Nov 5 20:03:02 2010 @@ -1337,6 +1337,12 @@ static const char * int i; int use_regex = is_regex; unsigned int flags = 0; + const char *err; + + err = ap_check_cmd_context(cmd, NOT_IN_DIRECTORY|NOT_IN_FILES); + if (err) { + return err; + } while (*arg) { word = ap_getword_conf(cmd->pool, &arg); @@ -1490,6 +1496,12 @@ static const char * add_pass_reverse(cmd const char *fake; const char *real; const char *interp; + const char *err; + + err = ap_check_cmd_context(cmd, NOT_IN_DIRECTORY|NOT_IN_FILES); + if (err) { + return err; + } if (cmd->path == NULL) { if (r == NULL || !strcasecmp(r, "interpolate")) { -- Eric Covener [email protected] -- Eric Covener [email protected]
