Yes, that is the first problem we are getting. It is probably introduced
by the "add root prefix: asd.example.com/ -> /asd.example.com/" step.

The triple slash is introduced by my last RewriteRule which does not
account for a leading slash (RewriteRule ^([^.]+)).

My use case with the RewriteRule chaining ([C] flag) that puts the
hostname in front of the path to be rewritten is possibly a vulnerable
configuration if the HTTP Host header is put together as concatenating a
first URL, newlines then the usual hostname. It could be one of the HTTP
response splitting vulnerabilities addressed by the upstream patches.
That is why I'm redacting the actual hostname.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2073515

Title:
  functionality loss in mod_proxy rewritten path

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/2073515/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to