Bug #929

mod_core_proxy with dangeous url

Added by Anonymous about 13 years ago. Updated over 11 years ago.

Missing Feedback
Target version:
Start date:
Due date:
% Done:


Estimated time:
Missing in 1.5.x:


Hello ?I have some problem about lighty 1.5 pre_release.
I use mod_core_proxy + Mongrel Cluster for ruby on rails application.

When I type some invaild char like " or < on URL.
Like"  or<

Something strange happen, the lighty's CPU usage will reach 99%.
And nothing return.
Because Safari will not auto escape the invaild url char, so this
probelm happen.
Firefox and IE will auto escape the invaild url char, so no probelm

I will check the same url with lighty 1.4.11 + fastcgi, and there are no these problem.First, I use" this invaild url
connect mongrel directly.
And mongrel return connect close for some reason.
Maybe lighty 1.5 cannot find the mongrel return and boom !!And second, apache 2.2 + mod_proxy_balnacer will be ok for this invild
url request.

-- thegiive


Updated by jakabosky about 13 years ago

Please try my patch attached to ticket #922

it might fix your problem.


Updated by Anonymous about 13 years ago

I check the PRE-RELEASE: lighttpd-1.5.0-r1477.tar.gz, but still don't help any more.

-- thegiive


Updated by stbuehler over 11 years ago

  • Status changed from New to Missing Feedback
  • Pending changed from Yes to No
  • Patch available set to No

Couldn't reproduce problem, so i guess it got fixed.

Also available in: Atom