Mailing List Archive

[Bug 58120] ProxyPassInherit affects ProxyRemote, not ProxyPass
https://bz.apache.org/bugzilla/show_bug.cgi?id=58120

Andrew Chadwick <a.t.chadwick@gmail.com> changed:

What |Removed |Added
----------------------------------------------------------------------------
Hardware|PC |All
Keywords| |NeedsReleaseNote,
| |Regression
Summary|ProxyPassInherit does not |ProxyPassInherit affects
|work as expect |ProxyRemote, not ProxyPass

--- Comment #2 from Andrew Chadwick <a.t.chadwick@gmail.com> ---
(In reply to silencer018 from comment #0)
> Is this a bug ? or I misunderstood the usage of this directive ?

Confirmed this in 2.4.52 on Debian 11. You're right about the code:

-------------8<-------------

static const command_rec proxy_cmds[] =
{
// ...
AP_INIT_TAKE2("ProxyRemote", add_proxy_noregex, NULL, RSRC_CONF,
"a scheme, partial URL or '*' and a proxy server"),
AP_INIT_TAKE2("ProxyRemoteMatch", add_proxy_regex, NULL, RSRC_CONF,
"a regex pattern and a proxy server"),
// ...
AP_INIT_RAW_ARGS("ProxyPass", add_pass_noregex, NULL,
RSRC_CONF|ACCESS_CONF,
"a virtual path and a URL"),
AP_INIT_RAW_ARGS("ProxyPassMatch", add_pass_regex, NULL,
RSRC_CONF|ACCESS_CONF,
"a virtual path and a URL"),
// ...
------------->8-------------

Elsewhere, the add_pass*() functions update conf->aliases, and the add_proxy*()
functions update conf->proxies. This directive is preventing or enabling the
inheritance of ProxyRemote and ProxyRemoteMatch, not ProxyPass and
ProxyPassMatch as documented.

I'll attach a test case.

--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 58120] ProxyPassInherit affects ProxyRemote, not ProxyPass [ In reply to ]
https://bz.apache.org/bugzilla/show_bug.cgi?id=58120

--- Comment #3 from Andrew Chadwick <a.t.chadwick@gmail.com> ---
Created attachment 38215
--> https://bz.apache.org/bugzilla/attachment.cgi?id=38215&action=edit
testcase.tar.gz

Minimal test case, for Debian 11. I hope the little tarball attaches.

If your test instance is on Debian 11, unpack the tarball to / (or somewhere
safe and then move the files). Don't forget to "a2enmod proxy" and a2enmod
proxy_http".

If you're using something else, note that Debian 11 does the following from its
main config file, and adapt yours accordingly to include the two config stubs
in that tarball.

----------------8<-------------
root@debian11test:/etc/apache2# grep ^Include /etc/apache2/apache2.conf
IncludeOptional mods-enabled/*.load
IncludeOptional mods-enabled/*.conf
Include ports.conf
IncludeOptional conf-enabled/*.conf
IncludeOptional sites-enabled/*.conf
---------------->8-------------

Once this is set up, you can test it as follows by tailing the logs.

HEAD http://YOUR.IP # hits the default page on the default site
HEAD http://YOUR.IP:1080 # hits the default page on the port 1080 vhost
HEAD http://YOUR.IP:1081 # hits the default page on the port 1081 vhost
HEAD http://YOUR.IP/port1080/ # proxied to the port 1080 vhost, hits the
default page
HEAD http://YOUR.IP/port1081/ # proxied to the port 1081 vhost, hits the
default page
HEAD http://YOUR.IP/port1080/other/xxx # double proxy! hits the *port 1081*
vhost, and 404s
HEAD http://YOUR.IP/port1081/other/xxx # double proxy! hits the *port 1080*
vhost, and 404s

The 1080 and 1081 vhosts are configured with a further /other ProxyPass
directive, which does not exist on the default port 80 site. This is just to
demonstrate that ProxyPass is working for the 108[12] default vhosts, and is
expected behaviour.

After this, the *incorrect* behaviour can be confirmed by tailing the logs

HEAD http://YOUR.IP/port1080/port1081/yyy # hits the :1081 vhost (where it
404s)
# Should be 404ed by the port 1080 vhost because ProxypassInherit is Off
everywhere.
HEAD http://YOUR.IP/port1081/port1080/zzz # hits the :1080 vhost (where it
404s)
# Again, this is being proxied on to the wrong local vhost.
ProxyPassInherit Off
# is blocking inheritance of the wrong directives.

--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org