From 93e4a23b08b1eb54741cd2d870b2921675e9d216 Mon Sep 17 00:00:00 2001 From: Jim Jagielski Date: Fri, 27 Mar 2015 12:21:56 +0000 Subject: [PATCH] Merge r1665215, r1665218 from trunk: mod_proxy: use the original (non absolute) form of the request-line's URI for requests embedded in CONNECT payloads used to connect SSL backends via a ProxyRemote forward-proxy. PR 55892. Submitted by: Hendrik Harms Reviewed by: wrowe, ylavic Committed by: ylavic mod_proxy: follow up to r1665215: CHANGES entry. Submitted by: ylavic Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1669556 13f79535-47bb-0310-9956-ffa450edef68 --- CHANGES | 5 +++++ STATUS | 2 +- modules/proxy/proxy_util.c | 8 ++++++-- 3 files changed, 12 insertions(+), 3 deletions(-) diff --git a/CHANGES b/CHANGES index 360aaad410..1a1f34b5b1 100644 --- a/CHANGES +++ b/CHANGES @@ -12,6 +12,11 @@ Changes with Apache 2.4.13 calls r:wsupgrade() can cause a child process crash. [Edward Lu ] + *) mod_proxy: use the original (non absolute) form of the request-line's URI + for requests embedded in CONNECT payloads used to connect SSL backends via + a ProxyRemote forward-proxy. PR 55892. [Hendrik Harms , William Rowe, Yann Ylavic] + *) mod_rewrite: Improve relative substitutions in per-directory/htaccess context for directories found by mod_userdir and mod_alias. These no longer require RewriteBase to be specified. [Eric Covener] diff --git a/STATUS b/STATUS index 778c8b5449..610af2d0ce 100644 --- a/STATUS +++ b/STATUS @@ -141,7 +141,7 @@ PATCHES PROPOSED TO BACKPORT FROM TRUNK: http://svn.apache.org/r1641381 2.4.x patch: trunk works +1: jkaluza, ylavic - + -1: jim (does not cleanly apply) * mod_buffer: Forward flushed input data immediately and avoid (unlikely) access to freed memory. diff --git a/modules/proxy/proxy_util.c b/modules/proxy/proxy_util.c index 83131c1288..e47a5a0f36 100644 --- a/modules/proxy/proxy_util.c +++ b/modules/proxy/proxy_util.c @@ -2197,8 +2197,12 @@ ap_proxy_determine_connection(apr_pool_t *p, request_rec *r, * The scheme handler decides if this is permanent or * short living pool. */ - /* are we connecting directly, or via a proxy? */ - if (!proxyname) { + /* Unless we are connecting the backend via a (forward Proxy)Remote, we + * have to use the original form of the URI (non absolute), but this is + * also the case via a remote proxy using the CONNECT method since the + * original request (and URI) is to be embedded in the body. + */ + if (!proxyname || conn->is_ssl) { *url = apr_pstrcat(p, uri->path, uri->query ? "?" : "", uri->query ? uri->query : "", uri->fragment ? "#" : "", -- 2.50.1