www/apache
1
0
Fork 0
mirror of https://github.com/apache/httpd.git synced 2025-11-06 16:49:32 +03:00
Code Activity
Files
b3cde50489b83e8e85320467def07bcb59616666
apache/modules/proxy
History
Joe Orton 14fef5ae85 Fix for additional cases of URL rewriting with ProxyPassMatch or 
RewriteRule, where particular request-URIs could result in undesired
backend network exposure in some configurations. (CVE-2011-4317)

Thanks to Prutha Parikh from Qualys for reporting this issue.

* modules/proxy/mod_proxy.c (proxy_trans): Decline to handle the "*"
  request-URI.  Fail for cases where r->uri does not begin with a "/".

* modules/mappers/mod_rewrite.c (hook_uri2file): Likewise.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1209432 13f79535-47bb-0310-9956-ffa450edef68
2011-12-02 12:04:20 +00:00
..
balancers
Move useful and shared balancer stuff to the shm slot...
2011-11-25 19:28:14 +00:00
examples
Cleanup effort in prep for GA push:
2011-09-23 13:39:32 +00:00
.indent.pro
Add some more apr_ types
2002-01-29 15:27:30 +00:00
ajp_header.c
Introduce a per connection "peer_ip" and a per request "client_ip" to
2011-11-25 19:42:04 +00:00
ajp_header.h
Cleanup effort in prep for GA push:
2011-09-23 13:38:09 +00:00
ajp_link.c
replace recent AJP direct comparisons to APR_TIMEUP with APR_STATUS_IS_TIMEUP.
2011-05-07 11:41:59 +00:00
ajp_msg.c
Fix compiler warning
2011-08-03 14:39:21 +00:00
ajp_utils.c
More ap_log_rerror() usage and axe some more AJP: prefixes
2011-11-18 22:02:27 +00:00
ajp.h
Cleanup effort in prep for GA push:
2011-09-23 13:38:09 +00:00
CHANGES
Change common but incorrect usage of 'depreciated'
2007-02-08 13:46:14 +00:00
config.m4
* modules/proxy/config.m4: Avoid sh syntax error with
2011-08-12 13:25:19 +00:00
fcgi_protocol.h
update license header text
2006-07-11 20:33:53 +00:00
libproxy.exp
Initial revision
1999-06-18 18:39:23 +00:00
Makefile.in
Treat proxy/balancers normally and independently...
2008-12-12 16:31:15 +00:00
mod_proxy_ajp.c
More ap_log_rerror() usage and axe some more AJP: prefixes
2011-11-18 22:02:27 +00:00
mod_proxy_ajp.dsp
Embed the .manifest files of all httpd binaries as a post-build
2007-01-11 05:37:20 +00:00
mod_proxy_balancer.c
use a style sheet... ideally we would pull one off the filesystem,
2011-11-30 13:15:24 +00:00
mod_proxy_balancer.dsp
Embed the .manifest files of all httpd binaries as a post-build
2007-01-11 05:37:20 +00:00
mod_proxy_connect.c
great proxy logging cleanup:
2011-11-18 21:41:09 +00:00
mod_proxy_connect.dsp
Embed the .manifest files of all httpd binaries as a post-build
2007-01-11 05:37:20 +00:00
mod_proxy_express.c
More ap_log_rerror() usage and axe some more AJP: prefixes
2011-11-18 22:02:27 +00:00
mod_proxy_express.dsp
Added forgfotten .dsp bits - my bad.
2011-07-18 22:31:04 +00:00
mod_proxy_fcgi.c
great proxy logging cleanup:
2011-11-18 21:41:09 +00:00
mod_proxy_fcgi.dsp
Switch two recent dsp files from CRLF to native
2009-05-10 14:03:36 +00:00
mod_proxy_fdpass.c
great proxy logging cleanup:
2011-11-18 21:41:09 +00:00
mod_proxy_fdpass.h
Move the provider interface to a separate header file for mod_proxy_fdpass.
2008-12-12 08:33:31 +00:00
mod_proxy_ftp.c
Remove some getpid() logging, this is now also included in the error log
2011-11-30 22:15:55 +00:00
mod_proxy_ftp.dsp
Embed the .manifest files of all httpd binaries as a post-build
2007-01-11 05:37:20 +00:00
mod_proxy_http.c
Introduce a per connection "peer_ip" and a per request "client_ip" to
2011-11-25 19:42:04 +00:00
mod_proxy_http.dsp
Embed the .manifest files of all httpd binaries as a post-build
2007-01-11 05:37:20 +00:00
mod_proxy_scgi.c
great proxy logging cleanup:
2011-11-18 21:41:09 +00:00
mod_proxy_scgi.dsp
Add mod_proxy_scgi; PR 48303; Submitted by: Gregg L. Smith <lists glewis.com>
2009-12-01 02:24:31 +00:00
mod_proxy.c
Fix for additional cases of URL rewriting with ProxyPassMatch or
2011-12-02 12:04:20 +00:00
mod_proxy.dsp
Embed the .manifest files of all httpd binaries as a post-build
2007-01-11 05:37:20 +00:00
mod_proxy.h
Use 2 sep hashing functions to account for collisions...
2011-12-01 00:02:30 +00:00
mod_serf.c
Remove more log message prefixes that are now redundant as the
2011-11-29 22:28:21 +00:00
mod_serf.dsp
Text, please
2010-12-20 23:36:12 +00:00
mod_serf.h
Cleanup effort in prep for GA push:
2011-09-23 13:38:09 +00:00
NWGNUmakefile
Added new proxy modules to NetWare build.
2011-07-20 12:44:09 +00:00
NWGNUproxy
Added missing proxy import to Netware build.
2011-11-30 17:28:47 +00:00
NWGNUproxyajp
Fixed NetWare build for proxy modules.
2011-04-03 15:33:08 +00:00
NWGNUproxybalancer
Fixed NetWare build for proxy modules.
2011-04-03 15:33:08 +00:00
NWGNUproxycon
Fixed NetWare build for proxy modules.
2011-04-03 15:33:08 +00:00
NWGNUproxyexpress
Added new proxy modules to NetWare build.
2011-07-20 12:44:09 +00:00
NWGNUproxyfcgi
Fixed NetWare build for proxy modules.
2011-04-03 15:33:08 +00:00
NWGNUproxyftp
Fixed NetWare build for proxy modules.
2011-04-03 15:33:08 +00:00
NWGNUproxyhtp
Fixed NetWare build for proxy modules.
2011-04-03 15:33:08 +00:00
NWGNUproxylbm_busy
Added new proxy modules to NetWare build.
2011-07-20 12:44:09 +00:00
NWGNUproxylbm_hb
Added new proxy modules to NetWare build.
2011-07-20 12:44:09 +00:00
NWGNUproxylbm_req
Added new proxy modules to NetWare build.
2011-07-20 12:44:09 +00:00
NWGNUproxylbm_traf
Added new proxy modules to NetWare build.
2011-07-20 12:44:09 +00:00
NWGNUproxyscgi
Fixed NetWare build for proxy modules.
2011-04-03 15:33:08 +00:00
NWGNUserf
Use var for prelude so its possible to change it at one place.
2011-03-18 03:09:27 +00:00
proxy_util.c
Use 2 sep hashing functions to account for collisions...
2011-12-01 00:02:30 +00:00