Rainer Jung wrote:
Mladen Turk wrote:
Can you write a simple example of the uris that make the problem
and why we would need to encode the %.
How it is passed now, and how it would be passed with your
proposal.
Original URI:
/myapp/%252e%252e/otherapp/danger
JkMount /myapp/*
Apache httpd will correctly decode the URI to
/myapp/%2e%2e/otherapp/danger
mod_jk does map it *correctly* to /myapp and forwards it to Tomcat.
It does not IMO, and that's what I'm talking.
Inside mod_jk we should decode
/myapp/%2e%2e/otherapp/danger to
/myapp/../otherapp/danger
Do a normalization of the uri that will end up as
/otherapp/danger before hitting map_uri_to_worker
If there is no JkMount for /otherapp/ it will be
denied, if it is, the rewritten uri /otherapp/danger
will be send instead /myapp/%2e%2e/otherapp/danger.
Of course we can simply send /myapp/%2e%2e/otherapp/danger
to tomcat if the match is OK for /otherapp/,
and let the tomcat do a normalization once again.
In that case we won't need to encode the normalized
uri inside mod_jk once more.
Regards,
Mladen.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
