Check protocol for proxy requests
---------------------------------
Key: SHINDIG-662
URL: https://issues.apache.org/jira/browse/SHINDIG-662
Project: Shindig
Issue Type: Bug
Components: Gadget Rendering Server (PHP)
Environment: Multiple *nix
Reporter: Tim Wintle
ProxyHandler does not check the protocol of requests.
-> On our development servers, a request to proxy "file://[some big logfile]"
successfully tied up the server for 30 seconds of cpu time.
(The request was not passed back to the client, but this bug opens up a
possibility for dos attack)
Patch submitted simply checks that the requested url includes http, https or
ftp protocols if a protocol is specified.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
