Project

General

Profile

Actions

Bug #929

closed

mod_core_proxy with dangeous url

Added by Anonymous over 16 years ago. Updated over 14 years ago.

Status:
Missing Feedback
Priority:
Normal
Category:
mod_proxy
Target version:
ASK QUESTIONS IN Forums:

Description

Hello ?I have some problem about lighty 1.5 pre_release.
I use mod_core_proxy + Mongrel Cluster for ruby on rails application.

When I type some invaild char like " or < on URL.
Like

http://lala.abc.com/con/action/123"  or 
http://lala.abc.com/con/action/123<

Something strange happen, the lighty's CPU usage will reach 99%.
And nothing return.
Because Safari will not auto escape the invaild url char, so this
probelm happen.
Firefox and IE will auto escape the invaild url char, so no probelm
happen.

I will check the same url with lighty 1.4.11 + fastcgi, and there are no these problem.First, I use http://lala.abc.com/con/action/123" this invaild url
connect mongrel directly.
And mongrel return connect close for some reason.
Maybe lighty 1.5 cannot find the mongrel return and boom !!And second, apache 2.2 + mod_proxy_balnacer will be ok for this invild
url request.

-- thegiive

Actions #1

Updated by jakabosky over 16 years ago

Please try my patch attached to ticket #922

it might fix your problem.

Actions #2

Updated by Anonymous over 16 years ago

I check the PRE-RELEASE: lighttpd-1.5.0-r1477.tar.gz, but still don't help any more.

-- thegiive

Actions #3

Updated by stbuehler over 14 years ago

  • Status changed from New to Missing Feedback
  • Pending changed from Yes to No
  • Patch available set to No

Couldn't reproduce problem, so i guess it got fixed.

Actions

Also available in: Atom