On Tue, Jun 25, 2024 at 11:35 PM Eric Covener <cove...@gmail.com> wrote:
>
> On Tue, Jun 25, 2024 at 5:22 PM Eric Covener <cove...@gmail.com> wrote:
> >
> > On Tue, Jun 25, 2024 at 5:06 PM Eric Covener <cove...@gmail.com> wrote:
> > >
> > > On Tue, Jun 25, 2024 at 4:35 PM Helmut K. C. Tessarek
> > > <tessa...@evermeet.cx> wrote:
> > > >
> > > > On 2024-06-25 02:53, Ruediger Pluem wrote:
> > > > > Can you provide more details on your configuration how you forward
> > > > > stuff to fcgi and what request you made?
> > > >
> > > > Very simple:
> > > >
> > > > <FilesMatch "\.php$">
> > > > SetHandler "proxy:unix:/run/php82-fpm/xxx.sock|fcgi://xxx"
> > > > </FilesMatch>
> > >
> > > I think this new path needs to account for UDS. The URL is e.g.
> > > "unix:/tmp/fake.sock|fcgi://xxx..." during proxy_fcgi_canon so it
> > > declines, then the core handler reports the error on the
> > > pseudo-filename.
> >
> > Or for now, skip the newly added proxy_fixup() and escape just
> > r->filename before it gets the handler prefixed to it?
>
> These all seem hairy. We can do something more targetted from the
> start to decrease the fallout?
The attached might work, currently testing but sending early if you
want to try too.
Index: include/ap_mmn.h
===================================================================
--- include/ap_mmn.h (revision 1918625)
+++ include/ap_mmn.h (working copy)
@@ -601,6 +601,7 @@
* 20120211.131 (2.4.59-dev) Add DAV_WALKTYPE_TOLERANT
* 20120211.131 (2.4.60-dev) Add ap_set_content_type_ex(), ap_filepath_merge(),
* and AP_REQUEST_TRUSTED_CT BNOTE.
+ * 20120211.133 (2.4.60-dev) Add ap_proxy_fixup_uds_filename()
*/
#define MODULE_MAGIC_COOKIE 0x41503234UL /* "AP24" */
@@ -608,7 +609,7 @@
#ifndef MODULE_MAGIC_NUMBER_MAJOR
#define MODULE_MAGIC_NUMBER_MAJOR 20120211
#endif
-#define MODULE_MAGIC_NUMBER_MINOR 131 /* 0...n */
+#define MODULE_MAGIC_NUMBER_MINOR 133 /* 0...n */
/**
* Determine if the server's current MODULE_MAGIC_NUMBER is at least a
Index: modules/proxy/mod_proxy.c
===================================================================
--- modules/proxy/mod_proxy.c (revision 1918625)
+++ modules/proxy/mod_proxy.c (working copy)
@@ -1298,7 +1298,7 @@ static int proxy_handler(request_rec *r)
ap_get_module_config(sconf, &proxy_module);
apr_array_header_t *proxies = conf->proxies;
struct proxy_remote *ents = (struct proxy_remote *) proxies->elts;
- int i, rc, access_status;
+ int rc = DECLINED, access_status, i;
int direct_connect = 0;
const char *str;
apr_int64_t maxfwd;
@@ -1314,22 +1314,30 @@ static int proxy_handler(request_rec *r)
}
if (!r->proxyreq) {
- rc = DECLINED;
/* We may have forced the proxy handler via config or .htaccess */
if (r->handler &&
strncmp(r->handler, "proxy:", 6) == 0 &&
strncmp(r->filename, "proxy:", 6) != 0) {
+ char *old_filename = r->filename;
+ /* Still need to fixup/canonicalize r->filename */
r->proxyreq = PROXYREQ_REVERSE;
r->filename = apr_pstrcat(r->pool, r->handler, r->filename, NULL);
- /* Still need to fixup/canonicalize r->filename */
- rc = proxy_fixup(r);
+ rc = ap_proxy_fixup_uds_filename(r, &r->filename);
+ if (rc <= OK) {
+ rc = proxy_fixup(r);
+ }
+ if (rc != OK) {
+ r->filename = old_filename;
+ r->proxyreq = 0;
+ }
}
- if (rc != OK) {
- return rc;
- }
- } else if (strncmp(r->filename, "proxy:", 6) != 0) {
- return DECLINED;
}
+ else if (strncmp(r->filename, "proxy:", 6) == 0) {
+ rc = OK;
+ }
+ if (rc != OK) {
+ return rc;
+ }
/* handle max-forwards / OPTIONS / TRACE */
if ((str = apr_table_get(r->headers_in, "Max-Forwards"))) {
Index: modules/proxy/mod_proxy.h
===================================================================
--- modules/proxy/mod_proxy.h (revision 1918625)
+++ modules/proxy/mod_proxy.h (working copy)
@@ -1003,6 +1003,16 @@ PROXY_DECLARE(proxy_balancer_shared *) ap_proxy_fi
proxy_balancer *balancer,
unsigned int *index);
+/*
+ * In the case of the reverse proxy, we need to see if we
+ * were passed a UDS url (eg: from mod_proxy) and adjust uds_path
+ * as required.
+ * @param r current request
+ * @param url request url to be fixed
+ * @return OK if fixed up, DECLINED if not UDS, or an HTTP_XXX error
+ */
+PROXY_DECLARE(int) ap_proxy_fixup_uds_filename(request_rec *r, char **url);
+
/**
* Get the most suitable worker and/or balancer for the request
* @param worker worker used for processing request
Index: modules/proxy/proxy_util.c
===================================================================
--- modules/proxy/proxy_util.c (revision 1918625)
+++ modules/proxy/proxy_util.c (working copy)
@@ -2429,7 +2429,7 @@ static int ap_proxy_retry_worker(const char *proxy
* were passed a UDS url (eg: from mod_proxy) and adjust uds_path
* as required.
*/
-static int fix_uds_filename(request_rec *r, char **url)
+PROXY_DECLARE(int) ap_proxy_fixup_uds_filename(request_rec *r, char **url)
{
char *uds_url = r->filename + 6, *origin_url;
@@ -2452,7 +2452,7 @@ static int ap_proxy_retry_worker(const char *proxy
if (!uds_path) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10292)
"Invalid proxy UDS filename (%s)", r->filename);
- return 0;
+ return HTTP_BAD_REQUEST;
}
apr_table_setn(r->notes, "uds_path", uds_path);
@@ -2464,8 +2464,10 @@ static int ap_proxy_retry_worker(const char *proxy
ap_log_rerror(APLOG_MARK, APLOG_TRACE2, 0, r,
"*: rewrite of url due to UDS(%s): %s (%s)",
uds_path, *url, r->filename);
+ return OK;
}
- return 1;
+
+ return DECLINED;
}
PROXY_DECLARE(int) ap_proxy_pre_request(proxy_worker **worker,
@@ -2484,7 +2486,7 @@ PROXY_DECLARE(int) ap_proxy_pre_request(proxy_work
ap_log_rerror(APLOG_MARK, APLOG_TRACE2, 0, r,
"%s: found worker %s for %s",
(*worker)->s->scheme, (*worker)->s->name_ex, *url);
- if (!forward && !fix_uds_filename(r, url)) {
+ if (!forward && ap_proxy_fixup_uds_filename(r, url) > OK) {
return HTTP_INTERNAL_SERVER_ERROR;
}
access_status = OK;
@@ -2516,7 +2518,7 @@ PROXY_DECLARE(int) ap_proxy_pre_request(proxy_work
* regarding the Connection header in the request.
*/
apr_table_setn(r->subprocess_env, "proxy-nokeepalive", "1");
- if (!fix_uds_filename(r, url)) {
+ if (ap_proxy_fixup_uds_filename(r, url) > OK) {
return HTTP_INTERNAL_SERVER_ERROR;
}
}
