RewriteRule, where particular request-URIs could result in undesired
backend network exposure in some configurations. (CVE-2011-4317)
Thanks to Prutha Parikh from Qualys for reporting this issue.
* modules/proxy/mod_proxy.c (proxy_trans): Decline to handle the "*"
request-URI. Fail for cases where r->uri does not begin with a "/".
* modules/mappers/mod_rewrite.c (hook_uri2file): Likewise.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1209432 13f79535-47bb-0310-9956-ffa450edef68
optionally modified by a module when the effective IP of the client
is not the same as the real IP of the client (such as a load balancer).
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1204968 13f79535-47bb-0310-9956-ffa450edef68
- add possibility to have expressions that evaluate to a string and not to
a boolean value
- modify ap_expr_parse_cmd() interface to support this and make it more
convenient to use in general
- rename AP_EXPR_FLAGS_* to AP_EXPR_FLAG_* for consistency
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1142164 13f79535-47bb-0310-9956-ffa450edef68
are allocated from the request pool and not modified later on.
Submitted by: Christophe JAILLET <christophe jaillet wanadoo fr>
PR: 51358
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1135084 13f79535-47bb-0310-9956-ffa450edef68
and context document root (which is the file system directory that
this URL prefix is mapped to). This generalization of the document
root makes it easier for scripts to create self-referential URLs and
to find their files.
- Expose CONTEXT_DOCUMENT_ROOT and CONTEXT_PREFIX as envvars, in mod_rewrite,
and in ap_expr.
- Make mod_alias and mod_userdir set the context information.
- Allow to override the document root on a per-request basis. This allows
mass vhosting modules to set DOCUMENT_ROOT correctly.
- Make mod_vhost_alias set the per-request document root
PR: 26052, 46198, 49705
Remaining tasks:
- Use the context document root & prefix in mod_rewrite to make RewriteBase
unnecessary in many cases. Do this without breaking compatibility.
- Write docs.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1132494 13f79535-47bb-0310-9956-ffa450edef68
remove some unused variables and dead assignments, reduce the scope of some
variables, add some parens to improve readability
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1103459 13f79535-47bb-0310-9956-ffa450edef68
some of these were exposed to mods so the mmn is bumped, without
regard to whether any compiler will have to generate different
code
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1086662 13f79535-47bb-0310-9956-ffa450edef68
if they were not active during server startup but got enabled later during a
graceful restart (in which case they need to do all work during a single
config run).
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1070153 13f79535-47bb-0310-9956-ffa450edef68
The operators -gt, -ge, -eq, -le, -lt and -ne follow the bash 'test' semantics
for comparing the integer values of the lhs and rhs expressions, as opposed
to the string evaluations performed by > >= = <= and <.
Note that -lt and -le overlap the existing -l test, and could be confused in
expressions such as -ltestfile - to avoid this conflict use -L or -h in place
of the legacy -l file symlink test operator.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@997878 13f79535-47bb-0310-9956-ffa450edef68
- follow the same logic of '=' for >[=] and <[=], skipping p->type chars
for the resulting p->pattern
- introduce pskip logic to greatly simplify logging, track negation '!', '=',
and new comparators ">/<[=]", backspacing only for the purpose of logging.
It's trivial to expand this to the -X operators in the future.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@997869 13f79535-47bb-0310-9956-ffa450edef68
(for another patch against -l yet-to-come)
*) Introduce >= and <= syntax for greater-or-equal, or less-or-equal
string comparisons
*) Respect [NC] conventions for >[=]/<[=] string comparison, which is
horribly sensitive to the current charset.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@997553 13f79535-47bb-0310-9956-ffa450edef68
explicitly giving a value.
Most modules only check presence of a variable, not the
value, so it makes sense to make the VAL argument in
the mod_rewrite ENV flag optional.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@960233 13f79535-47bb-0310-9956-ffa450edef68