PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
[ start all new proposals below, under PATCHES PROPOSED. ]
- *) mod_rewrite, mod_proxy: mod_proxy to cononicalize rewritten [P] URLs,
- including "unix:" ones. PR 69235, PR 69260, PR 56264
- Trunk version of patch:
- https://svn.apache.org/r1838684
- https://svn.apache.org/r1920570
- https://svn.apache.org/r1920571
- https://svn.apache.org/r1920572
- Backport version for 2.4.x of patch:
- https://patch-diff.githubusercontent.com/raw/apache/httpd/pull/484.diff
- Can be applied via apply_backport_pr.sh 484
- +1: rpluem, ylavic, covener
-
*) mod_ssl: Fix regression in PKCS#11 handling which should work without
SSLCryptoDevice configured
trunk patch: https://svn.apache.org/r1920597
* ourself).
*/
if (p->flags & RULEFLAG_PROXY) {
- /* For rules evaluated in server context, the mod_proxy fixup
- * hook can be relied upon to escape the URI as and when
- * necessary, since it occurs later. If in directory context,
- * the ordering of the fixup hooks is forced such that
- * mod_proxy comes first, so the URI must be escaped here
- * instead. See PR 39746, 46428, and other headaches. */
- if (ctx->perdir && (p->flags & RULEFLAG_NOESCAPE) == 0) {
- char *old_filename = r->filename;
-
- r->filename = ap_escape_uri(r->pool, r->filename);
- rewritelog(r, 2, ctx->perdir, "escaped URI in per-dir context "
- "for proxy, %s -> %s", old_filename, r->filename);
- }
-
fully_qualify_uri(r);
rewritelog(r, 2, ctx->perdir, "forcing proxy-throughput with %s",
}
if ((r->args != NULL)
&& ((r->proxyreq == PROXYREQ_PROXY)
- || (rulestatus == ACTION_NOESCAPE))) {
+ || apr_table_get(r->notes, "proxy-nocanon"))) {
/* see proxy_http:proxy_http_canon() */
r->filename = apr_pstrcat(r->pool, r->filename,
"?", r->args, NULL);
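Review bot: The condition on the `+` line now trusts the request-wide `proxy-nocanon` note instead of the local `rulestatus`, but nothing in this hunk shows where the note is set, and a note set earlier by another module would presumably take this branch too. The branch appends `r->args` to a URL that mod_proxy will then not canonicalize, so the leftover `/* see proxy_http:proxy_http_canon() */` comment should be replaced by one that says so, e.g. `/* "proxy-nocanon" (set for [NE] rules) makes mod_proxy skip canonicalization, so the raw query string is appended here */`. The same string literal appears twice more in the next hunk; a single `#define` for the note name would keep the uses from drifting apart. The enclosing function starts and ends outside this hunk.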
if (to_proxyreq) {
/* it should go on as an internal proxy request */
- /* make sure the QUERY_STRING and
- * PATH_INFO parts get incorporated
+ /* check if the proxy module is enabled, so
+ * we can actually use it!
+ */
+ if (!proxy_available) {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10160)
+ "attempt to make remote request from mod_rewrite "
+ "without proxy enabled: %s", r->filename);
+ return HTTP_FORBIDDEN;
+ }
+
+ if (rulestatus == ACTION_NOESCAPE) {
+ apr_table_setn(r->notes, "proxy-nocanon", "1");
+ }
+
+ /* make sure the QUERY_STRING gets incorporated in the case
+ * [NE] was specified on the Proxy rule. We are preventing
+ * mod_proxy canon handler from incorporating r->args as well
+ * as escaping the URL.
* (r->path_info was already appended by the
* rewriting engine because of the per-dir context!)
*/
- if (r->args != NULL) {
- /* see proxy_http:proxy_http_canon() */
+ if ((r->args != NULL) && apr_table_get(r->notes, "proxy-nocanon")) {
r->filename = apr_pstrcat(r->pool, r->filename,
"?", r->args, NULL);
}
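Review bot: The comment added above the query-string check explains the mechanics but not the consequence. Once `proxy-nocanon` is set for an [NE] rule, mod_proxy neither escapes the URL nor adds `r->args`, so whatever the rule substituted into `r->filename` goes to the backend as written. I would add a line next to the `apr_table_setn()` call such as `/* [NE] with [P]: mod_proxy will not escape this URL, the rule itself must produce a safely encoded target */`. The kept tail of the old comment about `r->path_info` no longer follows from the rewritten first sentence and would read better as its own sentence. The enclosing function (presumably the per-directory fixup hook) starts and ends outside this hunk.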
static void register_hooks(apr_pool_t *p)
{
- /* fixup after mod_proxy, so that the proxied url will not
- * escaped accidentally by mod_proxy's fixup.
- */
- static const char * const aszPre[]={ "mod_proxy.c", NULL };
+ static const char * const aszModProxy[] = { "mod_proxy.c", NULL };
/* make the hashtable before registering the function, so that
* other modules are prevented from accessing uninitialized memory.
ap_hook_pre_config(pre_config, NULL, NULL, APR_HOOK_MIDDLE);
ap_hook_post_config(post_config, NULL, NULL, APR_HOOK_MIDDLE);
ap_hook_child_init(init_child, NULL, NULL, APR_HOOK_MIDDLE);
-
- ap_hook_fixups(hook_fixup, aszPre, NULL, APR_HOOK_FIRST);
+
+ /* allow to change the uri before mod_proxy takes over it */
+ ap_hook_translate_name(hook_uri2file, NULL, aszModProxy, APR_HOOK_FIRST);
+ /* fixup before mod_proxy so that a [P] URL gets fixed up there */
+ ap_hook_fixups(hook_fixup, NULL, aszModProxy, APR_HOOK_FIRST);
ap_hook_fixups(hook_mimetype, NULL, NULL, APR_HOOK_LAST);
- ap_hook_translate_name(hook_uri2file, NULL, NULL, APR_HOOK_FIRST);
}
/* the main config structure */
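Review bot: Escaping of per-directory [P] URLs now depends entirely on this hook order, yet the two new comments in register_hooks describe only the order, not what breaks if it changes. The commit drops mod_rewrite's own `ap_escape_uri()` call and relies on `proxy_fixup` running after `hook_fixup`. I would extend the fixups comment to something like `/* must run before mod_proxy's fixup: mod_rewrite no longer escapes [P] URLs itself and relies on proxy_fixup to canonicalize them */`. The same constraint is declared from the other side in mod_proxy's register_hooks hunk (`aszModRewrite` as predecessor of `proxy_translate_name` and `proxy_fixup`), and that comment deserves the mirror-image wording so neither declaration is removed as redundant later.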
}
static void register_hooks(apr_pool_t *p)
{
- /* fixup before mod_rewrite, so that the proxied url will not
- * escaped accidentally by our fixup.
- */
- static const char * const aszSucc[] = { "mod_rewrite.c", NULL};
/* Only the mpm_winnt has child init hook handler.
* make sure that we are called after the mpm
* initializes.
*/
static const char *const aszPred[] = { "mpm_winnt.c", "mod_proxy_balancer.c",
"mod_proxy_hcheck.c", NULL};
+ static const char * const aszModRewrite[] = { "mod_rewrite.c", NULL };
+
/* handler */
ap_hook_handler(proxy_handler, NULL, NULL, APR_HOOK_FIRST);
/* filename-to-URI translation */
ap_hook_pre_translate_name(proxy_pre_translate_name, NULL, NULL,
APR_HOOK_MIDDLE);
- ap_hook_translate_name(proxy_translate_name, aszSucc, NULL,
+ /* mod_rewrite has a say on the uri before proxy translation */
+ ap_hook_translate_name(proxy_translate_name, aszModRewrite, NULL,
APR_HOOK_FIRST);
/* walk <Proxy > entries and suppress default TRACE behavior */
ap_hook_map_to_storage(proxy_map_location, NULL,NULL, APR_HOOK_FIRST);
- /* fixups */
- ap_hook_fixups(proxy_fixup, NULL, aszSucc, APR_HOOK_FIRST);
+ /* fixup after mod_rewrite so that a [P] URL from there gets fixed up */
+ ap_hook_fixups(proxy_fixup, aszModRewrite, NULL, APR_HOOK_FIRST);
/* post read_request handling */
ap_hook_post_read_request(proxy_detect, NULL, NULL, APR_HOOK_FIRST);
/* pre config handling */