Index: server/protocol.c
===================================================================
--- server/protocol.c	(revision 1232983)
+++ server/protocol.c	(working copy)
@@ -640,25 +640,6 @@
 
     ap_parse_uri(r, uri);
 
-    /* RFC 2616:
-     *   Request-URI    = "*" | absoluteURI | abs_path | authority
-     *
-     * authority is a special case for CONNECT.  If the request is not
-     * using CONNECT, and the parsed URI does not have scheme, and
-     * it does not begin with '/', and it is not '*', then, fail
-     * and give a 400 response. */
-    if (r->method_number != M_CONNECT 
-        && !r->parsed_uri.scheme 
-        && uri[0] != '/'
-        && !(uri[0] == '*' && uri[1] == '\0')) {
-        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
-                      "invalid request-URI %s", uri);
-        r->args = NULL;
-        r->hostname = NULL;
-        r->status = HTTP_BAD_REQUEST;
-        r->uri = apr_pstrdup(r->pool, uri);
-    }
-
     if (ll[0]) {
         r->assbackwards = 0;
         pro = ll;
Index: CHANGES
===================================================================
--- CHANGES	(revision 1232983)
+++ CHANGES	(working copy)
@@ -6,6 +6,12 @@
      could cause the parent to crash at shutdown rather than terminate 
      cleanly.  [Joe Orton]
 
+  *) SECURITY: CVE-2011-4317 (cve.mitre.org)
+     Resolve additional cases of URL rewriting with ProxyPassMatch or
+     RewriteRule, where particular request-URIs could result in undesired
+     backend network exposure in some configurations.
+     [Joe Orton]
+
   *) SECURITY: CVE-2011-3368 (cve.mitre.org)
      Reject requests where the request-URI does not match the HTTP
      specification, preventing unexpected expansion of target URLs in
Index: modules/proxy/mod_proxy.c
===================================================================
--- modules/proxy/mod_proxy.c	(revision 1232983)
+++ modules/proxy/mod_proxy.c	(working copy)
@@ -566,6 +566,11 @@
         return OK;
     }
 
+    if ((r->unparsed_uri[0] == '*' && r->unparsed_uri[1] == '\0')
+        || !r->uri || r->uri[0] != '/') {
+        return DECLINED;
+    }
+
     /* XXX: since r->uri has been manipulated already we're not really
      * compliant with RFC1945 at this point.  But this probably isn't
      * an issue because this is a hybrid proxy/origin server.
Index: modules/mappers/mod_rewrite.c
===================================================================
--- modules/mappers/mod_rewrite.c	(revision 1232983)
+++ modules/mappers/mod_rewrite.c	(working copy)
@@ -4266,6 +4266,11 @@
         return DECLINED;
     }
 
+    if ((r->unparsed_uri[0] == '*' && r->unparsed_uri[1] == '\0')
+        || !r->uri || r->uri[0] != '/') {
+        return DECLINED;
+    }
+
     /*
      *  add the SCRIPT_URL variable to the env. this is a bit complicated
      *  due to the fact that apache uses subrequests and internal redirects