mod_proxy_ftp: Prevent XSS attacks when using wildcards in the path of
the FTP URL. Discovered by Marc Bevand of Rapid7. [Ruediger Pluem]
+ *) mod_proxy_http: Don't trigger a retry by the client if a failure to
+ read the response line was the result of a timeout.
+ [Adam Woodworth <mirkperl gmail.com>]
+
*) Support chroot on Unix-family platforms
PR 43596 [Dimitar Pashev <mitko banksoft-bg.com>]
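Review bot: The added mod_proxy_http entry says what the proxy stops doing ("Don't trigger a retry by the client") but not the scope or the resulting behaviour. The code change in this commit only affects the branch guarded by `r->proxyreq == PROXYREQ_REVERSE && c->keepalives`, and the STATUS text being removed describes the same fix as "Do not close the connection to the client". Suggest wording the entry so an administrator can tell that it concerns reverse proxy requests on keepalive connections and that the client connection is no longer dropped without a response when the backend read times out.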
PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
[ start all new proposals below, under PATCHES PROPOSED. ]
- * mod_proxy_http: Do not close the connection to the client if the reading
- of a response from the backend failed due to a timeout.
- [Adam Woodworth <mirkperl gmail.com>]
- Trunk version of patch:
- http://svn.apache.org/viewvc?rev=697362&view=rev
- Backport version for 2.2.x of patch:
- Trunk version of patch works
- +1: rpluem, jim, covener
-
PATCHES PROPOSED TO BACKPORT FROM TRUNK:
[ New proposals should be added at the end of the list ]
ap_log_rerror(APLOG_MARK, APLOG_ERR, rc, r,
"proxy: error reading status line from remote "
"server %s", backend->hostname);
+ if (rc == APR_TIMEUP) {
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
+ "proxy: read timeout");
+ }
/*
* If we are a reverse proxy request shutdown the connection
* WITHOUT ANY response to trigger a retry by the client
* BUT currently we should not do this if the request is the
* first request on a keepalive connection as browsers like
* seamonkey only display an empty page in this case and do
- * not do a retry.
+ * not do a retry. We should also not do this on a
+ * connection which times out; instead handle as
+ * we normally would handle timeouts
*/
- if (r->proxyreq == PROXYREQ_REVERSE && c->keepalives) {
+ if (r->proxyreq == PROXYREQ_REVERSE && c->keepalives &&
+ rc != APR_TIMEUP) {
apr_bucket *eos;
ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
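Review bot: Both timeout tests in this hunk, `rc == APR_TIMEUP` before the comment and `rc != APR_TIMEUP` in the reverse-proxy condition, compare against a single status value. APR provides the APR_STATUS_IS_TIMEUP(rc) macro for this test, which also matches platform-specific timeout codes. With the plain comparison, a timeout reported under another code would still take the silent connection-shutdown path this change is meant to avoid. Suggest `if (APR_STATUS_IS_TIMEUP(rc))` for the log test and `&& !APR_STATUS_IS_TIMEUP(rc)` in the condition. A smaller point: the added DEBUG line passes status 0 and no hostname directly after an ERR line that already logs rc and backend->hostname, so it adds little as written; consider dropping it or making it say which path is taken as a result.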