Index: CHANGES =================================================================== --- CHANGES (revision 663514) +++ CHANGES (working copy) @@ -5,6 +5,10 @@ mod_proxy_balancer: Prevent CSRF attacks against the balancer-manager interface. [Joe Orton] + *) mod_proxy: Make all proxy modules nocanon aware and do not add the + query string again in this case. PR 44803. + [Jim Jagielski, Ruediger Pluem] + *) mod_unique_id: Fix timestamp value in UNIQUE_ID. PR 37064 [Kobayashi ] Index: modules/proxy/mod_proxy_balancer.c =================================================================== --- modules/proxy/mod_proxy_balancer.c (revision 663514) +++ modules/proxy/mod_proxy_balancer.c (working copy) @@ -31,7 +31,8 @@ static int proxy_balancer_canon(request_rec *r, char *url) { - char *host, *path, *search; + char *host, *path; + char *search = NULL; const char *err; apr_port_t port = 0; @@ -55,21 +56,19 @@ url, err); return HTTP_BAD_REQUEST; } - /* now parse path/search args, according to rfc1738 */ - /* N.B. if this isn't a true proxy request, then the URL _path_ - * has already been decoded. True proxy requests have r->uri - * == r->unparsed_uri, and no others have that property. + /* + * now parse path/search args, according to rfc1738: + * process the path. With proxy-noncanon set (by + * mod_proxy) we use the raw, unparsed uri */ - if (r->uri == r->unparsed_uri) { - search = strchr(url, '?'); - if (search != NULL) - *(search++) = '\0'; + if (apr_table_get(r->notes, "proxy-nocanon")) { + path = url; /* this is the raw path */ } - else + else { + path = ap_proxy_canonenc(r->pool, url, strlen(url), enc_path, 0, + r->proxyreq); search = r->args; - - /* process path */ - path = ap_proxy_canonenc(r->pool, url, strlen(url), enc_path, 0, r->proxyreq); + } if (path == NULL) return HTTP_BAD_REQUEST; Index: modules/proxy/mod_proxy_ajp.c =================================================================== --- modules/proxy/mod_proxy_ajp.c (revision 663512) +++ modules/proxy/mod_proxy_ajp.c (working copy) @@ -29,7 +29,8 @@ */ static int proxy_ajp_canon(request_rec *r, char *url) { - char *host, *path, *search, sport[7]; + char *host, *path, sport[7]; + char *search = NULL; const char *err; apr_port_t port = AJP13_DEF_PORT; @@ -57,23 +58,18 @@ } /* - * now parse path/search args, according to rfc1738 - * - * N.B. if this isn't a true proxy request, then the URL _path_ - * has already been decoded. True proxy requests have - * r->uri == r->unparsed_uri, and no others have that property. + * now parse path/search args, according to rfc1738: + * process the path. With proxy-noncanon set (by + * mod_proxy) we use the raw, unparsed uri */ - if (r->uri == r->unparsed_uri) { - search = strchr(url, '?'); - if (search != NULL) - *(search++) = '\0'; + if (apr_table_get(r->notes, "proxy-nocanon")) { + path = url; /* this is the raw path */ } - else + else { + path = ap_proxy_canonenc(r->pool, url, strlen(url), enc_path, 0, + r->proxyreq); search = r->args; - - /* process path */ - path = ap_proxy_canonenc(r->pool, url, strlen(url), enc_path, 0, - r->proxyreq); + } if (path == NULL) return HTTP_BAD_REQUEST; Index: modules/proxy/mod_proxy_http.c =================================================================== --- modules/proxy/mod_proxy_http.c (revision 663512) +++ modules/proxy/mod_proxy_http.c (working copy) @@ -33,7 +33,8 @@ */ static int proxy_http_canon(request_rec *r, char *url) { - char *host, *path, *search, sport[7]; + char *host, *path, sport[7]; + char *search = NULL; const char *err; const char *scheme; apr_port_t port, def_port; @@ -67,21 +68,11 @@ return HTTP_BAD_REQUEST; } - /* now parse path/search args, according to rfc1738 */ - /* N.B. if this isn't a true proxy request, then the URL _path_ - * has already been decoded. True proxy requests have r->uri - * == r->unparsed_uri, and no others have that property. - */ - if (r->uri == r->unparsed_uri) { - search = strchr(url, '?'); - if (search != NULL) - *(search++) = '\0'; - } - else - search = r->args; - - /* process path */ - /* In a reverse proxy, our URL has been processed, so canonicalise + /* + * now parse path/search args, according to rfc1738: + * process the path. + * + * In a reverse proxy, our URL has been processed, so canonicalise * unless proxy-nocanon is set to say it's raw * In a forward proxy, we have and MUST NOT MANGLE the original. */ @@ -94,6 +85,7 @@ else { path = ap_proxy_canonenc(r->pool, url, strlen(url), enc_path, 0, r->proxyreq); + search = r->args; } break; case PROXYREQ_PROXY: