From b73db43c7ad5cb6439150445bdc03363d8b63b45 Mon Sep 17 00:00:00 2001 From: Eric Covener Date: Fri, 5 Nov 2010 20:03:02 +0000 Subject: [PATCH] PR47765: ProxyPass and ProxyPassReverse should not be accepted in Directory or Files sections. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1031758 13f79535-47bb-0310-9956-ffa450edef68 --- CHANGES | 3 +++ modules/proxy/mod_proxy.c | 12 ++++++++++++ 2 files changed, 15 insertions(+) diff --git a/CHANGES b/CHANGES index ae012392d4..db498904c1 100644 --- a/CHANGES +++ b/CHANGES @@ -6,6 +6,9 @@ Changes with Apache 2.3.9 Fix a denial of service attack against mod_reqtimeout. [Stefan Fritsch] + *) mod_proxy: Don't allow ProxyPass or ProxyPassReverse in + or . PR47765 [Eric Covener] + *) prefork/worker/event MPMS: default value (when no directive is present) of MaxConnectionsPerChild/MaxRequestsPerChild is changed to 0 from 10000 to match default configuration and manual. PR47782 [Eric Covener] diff --git a/modules/proxy/mod_proxy.c b/modules/proxy/mod_proxy.c index ac89447365..b449d4a282 100644 --- a/modules/proxy/mod_proxy.c +++ b/modules/proxy/mod_proxy.c @@ -1337,6 +1337,12 @@ static const char * int i; int use_regex = is_regex; unsigned int flags = 0; + const char *err; + + err = ap_check_cmd_context(cmd, NOT_IN_DIRECTORY|NOT_IN_FILES); + if (err) { + return err; + } while (*arg) { word = ap_getword_conf(cmd->pool, &arg); @@ -1490,6 +1496,12 @@ static const char * add_pass_reverse(cmd_parms *cmd, void *dconf, const char *f, const char *fake; const char *real; const char *interp; + const char *err; + + err = ap_check_cmd_context(cmd, NOT_IN_DIRECTORY|NOT_IN_FILES); + if (err) { + return err; + } if (cmd->path == NULL) { if (r == NULL || !strcasecmp(r, "interpolate")) { -- 2.50.1