Project

General

Profile

Task #1148

Story #1147: Apache2 blocks escaped "/" in URL paths, although it should not (longstanding bug)

Test that tomcat does not block %2F and %5C in query sections

Added by Rob Nahf over 13 years ago. Updated over 13 years ago.

Status:
Closed
Priority:
High
Assignee:
Category:
-
Target version:
Start date:
2010-12-10
Due date:
% Done:

100%

Milestone:
Product Version:
*
Story Points:
Sprint:

History

#1 Updated by Rob Nahf over 13 years ago

the cn reaches the knb servlet without having to go through apache again, so the thing to test is whether or not a request gets to the /cn/ object controller unchanged. OR, if the /cn/ and /knb/ services are talking to each other, that a search through /cn/ can withstand the backslashes and other escape characters

#2 Updated by Rob Nahf over 13 years ago

It tests out OK.

A call to:

http://cn-dev.dataone.org/cn/nerf?id=test%5C%2F\/test

puts the following into the latest localhost log:

Dec 10, 2010 12:39:01 PM org.apache.catalina.core.ApplicationContext log
INFO: org.tuckey.web.filters.urlrewrite.RuleBase DEBUG: Rule 8 run called with /nerf?id=test%5C%2F\/test
Dec 10, 2010 12:39:01 PM org.apache.catalina.core.ApplicationContext log
INFO: org.tuckey.web.filters.urlrewrite.RuleBase TRACE: no match on "from" for /node/?$ and /nerf?id=test%5C%2F\/test

Since the urlrewrite filter is on the calling chain to the servlet, it is safe to assume that tomcat does not mangle or block the URL on the way to the servlet.

#3 Updated by Rob Nahf over 13 years ago

  • Status changed from New to Closed

Also available in: Atom PDF

Add picture from clipboard (Maximum size: 14.8 MB)