Bug 134764
Summary: | mod_proxy does URL escaping twice | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 3 | Reporter: | andreas.mack <andreas.mack> |
Component: | httpd | Assignee: | Joe Orton <jorton> |
Status: | CLOSED WONTFIX | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 3.0 | ||
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | i386 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2007-10-19 19:17:05 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
andreas.mack@konsec.com
2004-10-06 06:37:19 UTC
Thanks for the report. Bug report is misleading, it was another problem: If the auth module does authentication not with AuthType Basic, but through other means, if the "AuthType" is left out, the fixups for other modules, in this case the proxy module won't run. If "AuthType XXXX" with "XXXX" as some random/module depended string is added to the protected Location, it will work. Hope this helps. Maybe this should be documented somewhere. I have no information about the "twice escaping bug" I mentioned. As far as I am concerned, this bug can be closed as "invalid" or so. Thanks for the further information. Can you post a complete <Location> block which triggers the bug, for you? This is depended on the auth module, in our case, mod_auth_mda http://www.frogdot.org/ ------------------------------------------------ ProxyPass /myapp https://192.168.0.2/myapp ProxyPassReverse /myapp https://192.168.0.2/myapp <Location /myapp/> AuthName MDAAuth #AuthType MdaCookie Require valid-user MDARealmMask "0000000001" MDAAuthTimeoutURL "http://myhost/login" MDAAuthLoginURL "http://myhost/login" MDAAuthTimeoutMin 600 </Location> --------------------------------------------------- if AuthType is NOT there, it won't work, if it's there it will work. Reason: /usr/src/redhat/BUILD/httpd-2.0.46/server/request.c, ~line 234: if (ap_some_auth_required(r)) { if (((access_status = ap_run_check_user_id(r)) != 0) || !ap_auth_type(r)) { return decl_die(access_status, ap_auth_type(r) ? "check user. No user file?" : "perform authentication. AuthType not set!", r); } The module returns "OK", but the auth type is not set, the decl_die is called. decl_die seems to see the "OK" and decides to continue the request. Let me know if you need further info. I forgot: decl_die continues, but the fixups in request.c in ap_process_request_internal can't be called anymore. The url for the proxy request isn't completed with the request parameters -> proxy request goes out without them. This bug is filed against RHEL 3, which is in maintenance phase. During the maintenance phase, only security errata and select mission critical bug fixes will be released for enterprise products. Since this bug does not meet that criteria, it is now being closed. For more information of the RHEL errata support policy, please visit: http://www.redhat.com/security/updates/errata/ If you feel this bug is indeed mission critical, please contact your support representative. You may be asked to provide detailed information on how this bug is affecting you. |