Bug #929
closedmod_core_proxy with dangeous url
Description
Hello ?I have some problem about lighty 1.5 pre_release.
I use mod_core_proxy + Mongrel Cluster for ruby on rails application.
When I type some invaild char like " or < on URL.
Like
http://lala.abc.com/con/action/123" or
http://lala.abc.com/con/action/123<Something strange happen, the lighty's CPU usage will reach 99%.
And nothing return.
Because Safari will not auto escape the invaild url char, so this
probelm happen.
Firefox and IE will auto escape the invaild url char, so no probelm
happen.
I will check the same url with lighty 1.4.11 + fastcgi, and there are no these problem.First, I use http://lala.abc.com/con/action/123" this invaild url
connect mongrel directly.
And mongrel return connect close for some reason.
Maybe lighty 1.5 cannot find the mongrel return and boom !!And second, apache 2.2 + mod_proxy_balnacer will be ok for this invild
url request.
-- thegiive
Updated by jakabosky over 18 years ago
Please try my patch attached to ticket #922
it might fix your problem.
Updated by Anonymous over 18 years ago
I check the PRE-RELEASE: lighttpd-1.5.0-r1477.tar.gz, but still don't help any more.
-- thegiive
Updated by stbuehler over 16 years ago
- Status changed from New to Missing Feedback
- Pending changed from Yes to No
- Patch available set to No
Couldn't reproduce problem, so i guess it got fixed.
Updated by gstrauss over 1 year ago
- Status changed from Missing Feedback to Obsolete
- ASK QUESTIONS IN Forums set to No
lighttpd 1.5.x branch has been abandoned.
lighttpd 1.4.x branch is now far more advanced and continues to be maintained.
Also available in: Atom