Re: base httpd ProxyPreserveHost not working

[Jacob L. Leifman]

On 25 Mar 2012 at 10:22, Stuart Henderson wrote:

> On 2012/03/24 21:33, Stuart Henderson wrote:
> > On 2012/03/24 16:58, Jacob L. Leifman wrote:
> > > following up on my own post  (the only reponse I received was the
> > > suggestion to switch to nginx, and while it does appear that much
> > > development is happening there, I am not in a position to deploy
> > > current right away...)
> > 
> > Your analysis and diff look correct to me.
> 
> as an offlist mail pointed out, this has a problem with the : in raw v6
> addresses.
> 

I believe that most of that problem has already been mitigated in the 
evolution of the code and my corresponding adjustment of the patch. 
Specifically, after splitting the original destination string into 
hostname:destportstr, the two components are now used as strings 
without further mangling and are [almost] always recombined in a manner 
that ultimately results in the original string.

For the remaining spot where a raw v6 address might still get mangled 
(due to a component of the address matching the value of a standard 
port and being suppressed as a result), I offer the supplementary patch 
below:

--- proxy_http.c~       Sat Mar 24 14:29:30 2012
+++ proxy_http.c        Mon Mar 26 17:14:18 2012
@@ -389,7 +389,10 @@
                    AP_HOOK_DECLINE(DECLINED),
                    &rc, r, f, hostname, destportstr, destportstr);
         if (rc == DECLINED) {
-           destportstrtonum = strtonum(destportstr, 0, 65535, &errstr);
+           if (strchr(destportstr, ':') != NULL)
+               destportstrtonum = -1;  /* force output below */
+           else
+               destportstrtonum = strtonum(destportstr, 0, 65535, &errstr);
            if (errstr)
                errx(1, "The destination port is %s: %s", errstr, destportstr);
 

Since I am by no means an expert in IPv6, here is an alternative, very 
aggressive version of the supplementary patch:

--- proxy_http.c~       Sat Mar 24 14:29:30 2012
+++ proxy_http.c        Mon Mar 26 17:15:04 2012
@@ -389,7 +389,10 @@
                    AP_HOOK_DECLINE(DECLINED),
                    &rc, r, f, hostname, destportstr, destportstr);
         if (rc == DECLINED) {
-           destportstrtonum = strtonum(destportstr, 0, 65535, &errstr);
+           if (conf->preserve_host)
+               destportstrtonum = -1;  /* force output below */
+           else
+               destportstrtonum = strtonum(destportstr, 0, 65535, &errstr);
            if (errstr)
                errx(1, "The destination port is %s: %s", errstr, destportstr);
 

BTW, completely as an aside, can anyone demonstrate a potential use-
case scenario where "ProxyPreserveHost On" and raw v6 addresses would 
collide? Unless I am mistaken, the sole purpose of this directive is to 
pass the original requested FQDN to a NameVirtualHost backend.