Bug#501354: Regression in FastCGI path handling in 1.4.13-4etch11 security upload
(Please ensure you CC the submitter next time; your response has been sitting on the BTS for over a month now as I had not been notified there was any update. :/) Olaf wrote: For example, visiting /foo would result in the application (NB. not the webserver) reporting a 404 at /mytab.fcgi/foo. What path do you expect the FastCGI app to get? /foo, I think. (Tagging as 'security' to alert the uploader, feel free to drop it.) That's not how that tag is supposed to be used. Right - I thought as much, hence being open about dropping it.. Regards, -- ,''`. : :' : Chris Lamb `. `'` [EMAIL PROTECTED] `- signature.asc Description: PGP signature
Bug#501354: Regression in FastCGI path handling in 1.4.13-4etch11 security upload
Chris Lamb wrote: (Please ensure you CC the submitter next time; your response has been sitting on the BTS for over a month now as I had not been notified there was any update. :/) The BTS should be fixed to do that automatically. ;) Olaf wrote: For example, visiting /foo would result in the application (NB. not the webserver) reporting a 404 at /mytab.fcgi/foo. What path do you expect the FastCGI app to get? /foo, I think. What 'path' are you referring to? REQUEST_URI? -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#501354: Regression in FastCGI path handling in 1.4.13-4etch11 security upload
Package: lighttpd Version: 1.4.13-4etch11 Tags: security Hi, When upgrading from 1.4.13-4etch10 to 1.4.13-4etch11, I noticed that my FastCGI applications were not being passed the correct path. For example, visiting /foo would result in the application (NB. not the webserver) reporting a 404 at /mytab.fcgi/foo. My lighttpd setup is quite simple and mostly copied from the the Django documentation: $SERVER[socket] == 89.16.166.30:443 { ssl.engine = enable ssl.pemfile = /etc/lighttpd/mytab.pem $HTTP[host] =~ ^(www\.)?mytab\.co\.uk$ { server.document-root = /srv/mytab.co.uk/htdocs/app/mytab/ url.rewrite-once = ( ^(/site_media/.*)$ = $1, ^(/media/.*)$ = $1, ^(/.*)$ = mytab.fcgi$1, ) } } fastcgi.server = ( /mytab.fcgi = ( ( socket = /srv/mytab.co.uk/htdocs/mysite.sock, check-local = disable, ) ), ) Re-installing lighttpd 1.4.13-4etch10 fixes this issue. Am I misconfiguring FastCGI incorrectly with respect to those changes in this upload? (Tagging as 'security' to alert the uploader, feel free to drop it.) Regards, -- ,''`. : :' : Chris Lamb `. `'` [EMAIL PROTECTED] `- signature.asc Description: PGP signature