Project

General

Profile

Actions

Bug #929

closed

mod_core_proxy with dangeous url

Added by Anonymous over 17 years ago. Updated 3 months ago.

Status:
Obsolete
Priority:
Normal
Category:
mod_proxy
Target version:
ASK QUESTIONS IN Forums:
No

Description

Hello ?I have some problem about lighty 1.5 pre_release.
I use mod_core_proxy + Mongrel Cluster for ruby on rails application.

When I type some invaild char like " or < on URL.
Like

http://lala.abc.com/con/action/123"  or 
http://lala.abc.com/con/action/123<

Something strange happen, the lighty's CPU usage will reach 99%.
And nothing return.
Because Safari will not auto escape the invaild url char, so this
probelm happen.
Firefox and IE will auto escape the invaild url char, so no probelm
happen.

I will check the same url with lighty 1.4.11 + fastcgi, and there are no these problem.First, I use http://lala.abc.com/con/action/123" this invaild url
connect mongrel directly.
And mongrel return connect close for some reason.
Maybe lighty 1.5 cannot find the mongrel return and boom !!And second, apache 2.2 + mod_proxy_balnacer will be ok for this invild
url request.

-- thegiive

Actions #1

Updated by jakabosky over 17 years ago

Please try my patch attached to ticket #922

it might fix your problem.

Actions #2

Updated by Anonymous over 17 years ago

I check the PRE-RELEASE: lighttpd-1.5.0-r1477.tar.gz, but still don't help any more.

-- thegiive

Actions #3

Updated by stbuehler over 15 years ago

  • Status changed from New to Missing Feedback
  • Pending changed from Yes to No
  • Patch available set to No

Couldn't reproduce problem, so i guess it got fixed.

Actions #4

Updated by gstrauss 3 months ago

  • Status changed from Missing Feedback to Obsolete
  • ASK QUESTIONS IN Forums set to No

lighttpd 1.5.x branch has been abandoned.

lighttpd 1.4.x branch is now far more advanced and continues to be maintained.

Actions

Also available in: Atom