Bug 1414037

Summary: mod_proxy_fcgi regression in 2.4.23+
Product: Red Hat Software Collections Reporter: Remi Collet <rcollet>
Component: httpdAssignee: Luboš Uhliarik <luhliari>
Status: CLOSED ERRATA QA Contact: BaseOS QE - Apps <qe-baseos-apps>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: httpd24CC: jhouska, jorton
Target Milestone: beta   
Target Release: 2.4   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: httpd24-httpd-2.4.25-5.el7 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-04-26 10:23:48 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1404778    

Description Remi Collet 2017-01-17 15:14:23 UTC 
Tracker byug to ensure we don't break common configuration using RewriteRule

See discussion on https://github.com/apache/httpd/commit/cab0bfbb2645bb8f689535e5e2834e2dbc23f5a5
Comment 1 Joe Orton 2017-01-18 07:55:58 UTC 
http://www.mail-archive.com/dev@httpd.apache.org/msg67532.html
Comment 5 Jan Houska 2017-03-14 18:44:44 UTC 
Following tests using "RewriteRule" options  was found and their status was checked:

Regression/mod_proxy_wstunnel-with-ssl/rewrite.conf:RewriteRule ^/wss-app.* wss://%%hostname%%:8443 [P]  -- PASS
Regression/bz1060536-mod_rewrite-doesn-t-expose-client_addr/bug1060536.conf: RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}  -- PASS
Regression/mod-rewrite-ssl-client-auth-lookup/httpd.conf:  RewriteRule .* - [F]  -- PASS
Regression/bz517500-mod_rewrite-DPI/htaccess:RewriteRule ^foo-(.*) bar-$1 [DPI]  -- PASS
Regression/mod_rewrite-vs-mod_dir/bz1210091.conf:    RewriteRule ^$ duck.html [L]  -- PASS
Regression/bz1343582-451-status-code/httpd.conf:RewriteRule ^/rhts-call-your-laywer - [R=451,L]  -- PASS
security/CVE-2006-3747/httpd.conf:RewriteRule ^/rhts-cve-3747-(.*) $1  -- PASS
mod_cache/bug439842/runtest.sh:RewriteRule ^/cc\ dd /aa\ bb.html  -- PASS
Security/CVE-2011-3639-httpd-request-bypass-of-the-reverse-proxy/httpd.conf:    RewriteRule (.*) http://127.0.0.2:80$1 [P]  -- PASS
Security/CVE-2013-1862-httpd-mod-rewrite-allows-terminal-escape/httpd.conf:    RewriteRule ^path(.*) "http://127.0.0.1/ test/"  -- PASS
Security/CVE-2011-3368-httpd-reverse-web-proxy-vulnerability/httpd.conf:  RewriteRule (.*) http://localhost$1 [P]  -- PASS

Conclusions
All results PASSed therefore I assume this bug tracker as VERIFIED.
Comment 7 errata-xmlrpc 2017-04-26 10:23:48 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2017:1161