Bug #929

mod_core_proxy with dangeous url

Added by Anonymous 731 days ago. Updated 55 days ago.

Status:Missing Feedback Start:
Priority:Normal Due date:
Assigned to:jan % Done:

0%
Category:mod_proxy
Target version:1.5.0
Pending:

No

 Resolution:
Patch available:

No

Description

Hello ?I have some problem about lighty 1.5 pre_release.
I use mod_core_proxy + Mongrel Cluster for ruby on rails application.

When I type some invaild char like " or < on URL.
Like http://lala.abc.com/con/action/123<

http://lala.abc.com/con/action/123"  or

Something strange happen, the lighty's CPU usage will reach 99%.
And nothing return.
Because Safari will not auto escape the invaild url char, so this
probelm happen.
Firefox and IE will auto escape the invaild url char, so no probelm
happen.

I will check the same url with lighty 1.4.11 + fastcgi, and there are no these problem.First, I use http://lala.abc.com/con/action/123" this invaild url
connect mongrel directly.
And mongrel return connect close for some reason.
Maybe lighty 1.5 cannot find the mongrel return and boom !!And second, apache 2.2 + mod_proxy_balnacer will be ok for this invild
url request.

-- thegiive

History

12/05/2006 05:31 AM - jakabosky

Please try my patch attached to ticket #922

it might fix your problem.

12/19/2006 04:04 AM - Anonymous

I check the PRE-RELEASE: lighttpd-1.5.0-r1477.tar.gz, but still don't help any more.

-- thegiive

10/10/2008 10:49 PM - stbuehler

  • Status changed from New to Missing Feedback
  • Pending changed from Yes to No
  • Patch available set to No

Couldn't reproduce problem, so i guess it got fixed.

Also available in: Atom PDF