Project

General

Profile

[Solved] trailing slash with proxy

Added by kasak 3 months ago

greetings!

I have two examples here:

$HTTP["url"] =~ "^/tftpboot/d($|/)" {
    dir-listing.activate = "enable" 
}

and

$HTTP["url"] =~ "^/keys($|/)" {
    proxy.server = ( "" => (( "host" => "127.0.0.1", "port" => "8080")) )
    proxy.header = ( "map-urlpath" => ( "/keys" => "" ), "https-remap" => "enable" )
}

When we work with local files, urls without trailing slashes "just work"

[kasak@kasakoff ~]$ curl -I betelgeuse/tftpboot/d
HTTP/1.1 301 Moved Permanently
Location: /tftpboot/d/
Date: Wed, 06 Dec 2023 11:27:57 GMT
Server: lighttpd/1.4.73

But if it is proxy, it does not :(

[kasak@kasakoff ~]$ curl -I betelgeuse/keys
HTTP/1.1 400 Bad Request

One question: Why does local files work, and proxy does not? And is there any way to make it work?
Second question: Is it safe to use match patterns like this? I've taken it from "mod_dirlisting" page.
There was some noise about alias traversal on nginx some time ago, i've seen that lighttpd is not vulnerable to it, but maybe there is some another conditions?

Thanks in advance for any help.


Replies (3)

RE: trailing slash with proxy - Added by gstrauss 3 months ago

Why does local files work, and proxy does not?

Let's start with blindingly obvious logic.
One is configured to do what you want. The other is not.

And is there any way to make it work?

Probably, but reading your mind is not one of my skills. Please carefully read How to get support - please read

Second question: Is it safe to use match patterns like this? I've taken it from "mod_dirlisting" page.

Again, blindingly obvious logic: it is part of the wiki documentation. Why would the documentation intentionally contain unsafe information? If the wiki is found to contain unsafe information, the unsafe information will be removed.

Why are you asking such questions?

There was some noise about alias traversal on nginx some time ago, i've seen that lighttpd is not vulnerable to it, but maybe there is some another conditions?

Seems like you're waving your hands in the air and throwing crap against a wall to see what sticks. None of this is very intelligent dialogue.

Again, blindingly obvious logic:
There are no known security issues in lighttpd. When security issues get reported, they are analyzed. Most of the time, the reports are incorrect, but when there is an issue found in lighttpd, the issue gets fixed.
The lighttpd issue tracker is on this website: https://redmine.lighttpd.net/projects/lighttpd/issues

RTFM before asking further questions.

Please scope your question to your issue.
Please carefully read How to get support - please read

You have not described in detail what behavior you are seeing with mod_proxy nor described in detail what behavior you expect. I do not know the layout of files in your system and can not read your mind.

When we work with local files, urls without trailing slashes "just work"

That is not detailed.


If you wany "/keys" to be redirect to "/keys/", then your backend (127.0.0.1 on port 8080) should redirect "/keys" to "/keys/", as you have configured lighttpd mod_proxy to send all requests to "/keys" and all requests starting with "/keys/" to that backend.

$HTTP["url"] =~ "^/keys($|/)" {
    proxy.server = ( "" => (( "host" => "127.0.0.1", "port" => "8080")) )
    proxy.header = ( "map-urlpath" => ( "/keys" => "" ), "https-remap" => "enable" )
}

"map-urlpath" is a prefix match and in the above config maps "/keys" to "", and maps "/keys/..." to "/...".

The following redirects "/keys" to "/keys/" and then "map-urlpath" maps "/keys/..." to "/...". You could alternatively use url.rewrite

$HTTP["url"] =~ "^/keys/" {
    proxy.server = ( "" => (( "host" => "127.0.0.1", "port" => "8080")) )
    proxy.header = ( "map-urlpath" => ( "/keys/" => "/" ), "https-remap" => "enable" )
}
else $HTTP["url"] == "/keys" {
    url.redirect = ( "" => "/keys/" )
    url.redirect-code = 308
}

RE: trailing slash with proxy - Added by kasak 3 months ago

Thank you for comprehensive answer!
I'm sorry answering confusing question, and not providing enough information.
But you understood me correctly!

In my simple config, I only have this two conditions, included to the end of global config file, which I did not touch.
And when i'm trying to access host/tftpboot/d it automatically redirect me to host/tftpboot/d/ with a trailing slash.
But with the absolutely similar condition with proxy, it does not. And you explained it perfectly, even with a workaround.

If I understood it correctly, lighttpd automatically processes url without trailing slash, but if it is proxy, it does not.

The second question was stupid, I'm sorry.

I'm very grateful for the clarification.

RE: trailing slash with proxy - Added by gstrauss 3 months ago

But you understood me correctly!

Irrelevant. You should do better.

If I understood it correctly, lighttpd automatically processes url without trailing slash, but if it is proxy, it does not.

Very simpleminded. You do not seem very intelligent when you guess. It is not an intelligent dialogue. Try asking intelligent questions instead of making statements which are guesses.
Did you carefully read How to get support - please read ? Maybe you should have someone else read it to you.

lighttpd is a modular web server and there is a sequence of steps that lighttpd follows to serve a request. That sequence may be modified by various modules and their configuration, as lighttpd is a modular and flexible web server.

lighttpd mod_proxy sends requests to another backend, and that backend might be local or might be remote. lighttpd mod_proxy has no way of knowing if "/foo" on the backend maps to a virtual path or whether "/foo" points to a file or directory or other resource.

Later in lighttpd request processing, lighttpd checks the local filesystem if a lighttpd module (such as mod_proxy) has not already claimed the request for handling. It is when checking the local filesystem that lighttpd translates requests for "/foo" to "/foo/" if "foo" in the configured document root points to a directory.

    (1-3/3)