diff --git a/changes-entries/pr56264.txt b/changes-entries/pr56264.txt new file mode 100644 index 00000000000..3a95a792420 --- /dev/null +++ b/changes-entries/pr56264.txt @@ -0,0 +1,3 @@ + *) mod_rewrite: Error out in case a RewriteRule in directory context uses the + proxy, but mod_proxy is not loaded. PR 56264. + [Christophe Jaillet, Michael Streeter ] diff --git a/changes-entries/pr69235.txt b/changes-entries/pr69235.txt new file mode 100644 index 00000000000..be812e4dc86 --- /dev/null +++ b/changes-entries/pr69235.txt @@ -0,0 +1,2 @@ + *) mod_rewrite, mod_proxy: mod_proxy to canonicalize rewritten [P] URLs, + including "unix:" ones. PR 69235, PR 69260. [Yann Ylavic, Ruediger Pluem] diff --git a/modules/mappers/mod_rewrite.c b/modules/mappers/mod_rewrite.c index 0bf44049238..93430e5952e 100644 --- a/modules/mappers/mod_rewrite.c +++ b/modules/mappers/mod_rewrite.c @@ -4515,20 +4515,6 @@ static rule_return_type apply_rewrite_rule(rewriterule_entry *p, * ourself). */ if (p->flags & RULEFLAG_PROXY) { - /* For rules evaluated in server context, the mod_proxy fixup - * hook can be relied upon to escape the URI as and when - * necessary, since it occurs later. If in directory context, - * the ordering of the fixup hooks is forced such that - * mod_proxy comes first, so the URI must be escaped here - * instead. See PR 39746, 46428, and other headaches. */ - if (ctx->perdir && (p->flags & RULEFLAG_NOESCAPE) == 0) { - char *old_filename = r->filename; - - r->filename = ap_escape_uri(r->pool, r->filename); - rewritelog(r, 2, ctx->perdir, "escaped URI in per-dir context " - "for proxy, %s -> %s", old_filename, r->filename); - } - fully_qualify_uri(r); rewritelog(r, 2, ctx->perdir, "forcing proxy-throughput with %s", @@ -5051,7 +5037,7 @@ static int hook_uri2file(request_rec *r) } if ((r->args != NULL) && ((r->proxyreq == PROXYREQ_PROXY) - || (rulestatus == ACTION_NOESCAPE))) { + || apr_table_get(r->notes, "proxy-nocanon"))) { /* see proxy_http:proxy_http_canon() */ r->filename = apr_pstrcat(r->pool, r->filename, "?", r->args, NULL); @@ -5342,13 +5328,28 @@ static int hook_fixup(request_rec *r) if (to_proxyreq) { /* it should go on as an internal proxy request */ - /* make sure the QUERY_STRING and - * PATH_INFO parts get incorporated + /* check if the proxy module is enabled, so + * we can actually use it! + */ + if (!proxy_available) { + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10160) + "attempt to make remote request from mod_rewrite " + "without proxy enabled: %s", r->filename); + return HTTP_FORBIDDEN; + } + + if (rulestatus == ACTION_NOESCAPE) { + apr_table_setn(r->notes, "proxy-nocanon", "1"); + } + + /* make sure the QUERY_STRING gets incorporated in the case + * [NE] was specified on the Proxy rule. We are preventing + * mod_proxy canon handler from incorporating r->args as well + * as escaping the URL. * (r->path_info was already appended by the * rewriting engine because of the per-dir context!) */ - if (r->args != NULL) { - /* see proxy_http:proxy_http_canon() */ + if ((r->args != NULL) && apr_table_get(r->notes, "proxy-nocanon")) { r->filename = apr_pstrcat(r->pool, r->filename, "?", r->args, NULL); } @@ -5648,10 +5649,7 @@ static void ap_register_rewrite_mapfunc(char *name, rewrite_mapfunc_t *func) static void register_hooks(apr_pool_t *p) { - /* fixup after mod_proxy, so that the proxied url will not - * escaped accidentally by mod_proxy's fixup. - */ - static const char * const aszPre[]={ "mod_proxy.c", NULL }; + static const char * const aszModProxy[] = { "mod_proxy.c", NULL }; /* make the hashtable before registering the function, so that * other modules are prevented from accessing uninitialized memory. @@ -5663,10 +5661,12 @@ static void register_hooks(apr_pool_t *p) ap_hook_pre_config(pre_config, NULL, NULL, APR_HOOK_MIDDLE); ap_hook_post_config(post_config, NULL, NULL, APR_HOOK_MIDDLE); ap_hook_child_init(init_child, NULL, NULL, APR_HOOK_MIDDLE); - - ap_hook_fixups(hook_fixup, aszPre, NULL, APR_HOOK_FIRST); + + /* allow to change the uri before mod_proxy takes over it */ + ap_hook_translate_name(hook_uri2file, NULL, aszModProxy, APR_HOOK_FIRST); + /* fixup before mod_proxy so that a [P] URL gets fixed up there */ + ap_hook_fixups(hook_fixup, NULL, aszModProxy, APR_HOOK_FIRST); ap_hook_fixups(hook_mimetype, NULL, NULL, APR_HOOK_LAST); - ap_hook_translate_name(hook_uri2file, NULL, NULL, APR_HOOK_FIRST); } /* the main config structure */ diff --git a/modules/proxy/mod_proxy.c b/modules/proxy/mod_proxy.c index 756c41c4a1d..ab29c321df8 100644 --- a/modules/proxy/mod_proxy.c +++ b/modules/proxy/mod_proxy.c @@ -3347,27 +3347,26 @@ static int proxy_pre_config(apr_pool_t *pconf, apr_pool_t *plog, } static void register_hooks(apr_pool_t *p) { - /* fixup before mod_rewrite, so that the proxied url will not - * escaped accidentally by our fixup. - */ - static const char * const aszSucc[] = { "mod_rewrite.c", NULL}; /* Only the mpm_winnt has child init hook handler. * make sure that we are called after the mpm * initializes. */ static const char *const aszPred[] = { "mpm_winnt.c", "mod_proxy_balancer.c", "mod_proxy_hcheck.c", NULL}; + static const char * const aszModRewrite[] = { "mod_rewrite.c", NULL }; + /* handler */ ap_hook_handler(proxy_handler, NULL, NULL, APR_HOOK_FIRST); /* filename-to-URI translation */ ap_hook_pre_translate_name(proxy_pre_translate_name, NULL, NULL, APR_HOOK_MIDDLE); - ap_hook_translate_name(proxy_translate_name, aszSucc, NULL, + /* mod_rewrite has a say on the uri before proxy translation */ + ap_hook_translate_name(proxy_translate_name, aszModRewrite, NULL, APR_HOOK_FIRST); /* walk entries and suppress default TRACE behavior */ ap_hook_map_to_storage(proxy_map_location, NULL,NULL, APR_HOOK_FIRST); - /* fixups */ - ap_hook_fixups(proxy_fixup, NULL, aszSucc, APR_HOOK_FIRST); + /* fixup after mod_rewrite so that a [P] URL from there gets fixed up */ + ap_hook_fixups(proxy_fixup, aszModRewrite, NULL, APR_HOOK_FIRST); /* post read_request handling */ ap_hook_post_read_request(proxy_detect, NULL, NULL, APR_HOOK_FIRST); /* pre config handling */