On 10/06/2020 11:53, Ruediger Pluem wrote:
On 6/9/20 12:05 PM, jean-frederic clere wrote:
Hi,
Basically it adds servletnormalizecheck to mod_proxy for
ProxyPass/ProxyPassMatch and mod_rewrite when using P
I have tested the following uses:
#ProxyPass /docs ajp://localhost:8009/docs secret=%A1b2!@ servletnormalizecheck
#ProxyPassMatch "^/docs(.*)$" "ajp://localhost:8009/docs$1" secret=%A1b2!@
servletnormalizecheck
#RewriteEngine On
#RewriteRule "^/docs(.*)$" "ajp://localhost:8009/docs$1" [P,SNC]
#<Proxy "ajp://localhost:8009/docs">
#ProxySet connectiontimeout=5 timeout=30 secret=%A1b2!@
#</Proxy>
#<Location "/docs">
# ProxyPass ajp://localhost:8009/docs secret=%A1b2!@ servletnormalizecheck
#</Location>
What is not supported is
curl -v --path-as-is
"http://localhost:8000/docs/..;foo=bar/;foo=bar/test/index.jsp"
that could be remapped to
ProxyPass /test ajp://localhost:8009/test secret=%A1b2!@ servletnormalizecheck
or a <location test/>
Comments?
I understood from Mark that the request you do above with curl should not be
denied but just mapped to /test.
But rethinking that, it becomes real fun: For mapping we should use the URI
stripped off path parameters and then having done the
shrinking operation (servlet normalized) but we should use the original URI
having done the shrinking operation with path
parameters to sent to the backend. That might work for a simple prefix
matching, but it seems to be very difficult for regular
expression scenarios where you might use complex captures from the matching to
build the result. But if the matching was done
against the servlet normalized URI the captures might be different, than the
ones you would have got when doing the same against
not normalized URI. So I am little bit lost here.
What if we just have an option on virtual host base to drop path parameters of
the following kind
s#/([.]{0,2})(;[^/]*)/#/$1/g
do the usual shrinking operation afterwards and just process them afterwards as
usual.
I think it makes sense to have it there but separated from the
servletnormalizecheck because that changes the whole <VirtualHost/> mapping
So I will add something like MergeSlashes which will map
http://localhost:8000/docs/..;foo=bar/;foo=bar/test/index.jsp
to /test
And arrange the proxy so that /docs/..;foo=bar/;foo=bar/test/index.jsp
is sent to the back-end.
Should I commit my first proposal (it is easily backportable to 2.4.x)
and later work on the next one?
Regards
Rüdiger
--
Cheers
Jean-Frederic