Project

General

Profile

Bug #929

mod_core_proxy with dangeous url

Added by Anonymous almost 13 years ago. Updated almost 11 years ago.

Status:
Missing Feedback
Priority:
Normal
Assignee:
Category:
mod_proxy
Target version:
Start date:
Due date:
% Done:

0%

Estimated time:
Missing in 1.5.x:

Description

Hello ?I have some problem about lighty 1.5 pre_release.
I use mod_core_proxy + Mongrel Cluster for ruby on rails application.

When I type some invaild char like " or < on URL.
Like

http://lala.abc.com/con/action/123"  or 
http://lala.abc.com/con/action/123<

Something strange happen, the lighty's CPU usage will reach 99%.
And nothing return.
Because Safari will not auto escape the invaild url char, so this
probelm happen.
Firefox and IE will auto escape the invaild url char, so no probelm
happen.

I will check the same url with lighty 1.4.11 + fastcgi, and there are no these problem.First, I use http://lala.abc.com/con/action/123" this invaild url
connect mongrel directly.
And mongrel return connect close for some reason.
Maybe lighty 1.5 cannot find the mongrel return and boom !!And second, apache 2.2 + mod_proxy_balnacer will be ok for this invild
url request.

-- thegiive

History

#1

Updated by jakabosky almost 13 years ago

Please try my patch attached to ticket #922

it might fix your problem.

#2

Updated by Anonymous almost 13 years ago

I check the PRE-RELEASE: lighttpd-1.5.0-r1477.tar.gz, but still don't help any more.

-- thegiive

#3

Updated by stbuehler almost 11 years ago

  • Status changed from New to Missing Feedback
  • Pending changed from Yes to No
  • Patch available set to No

Couldn't reproduce problem, so i guess it got fixed.

Also available in: Atom