mod proxy causes duplicate query strings when nocanon option is used

Bug #455873 reported by James Troup on 2009-10-19
26
This bug affects 2 people
Affects Status Importance Assigned to Milestone
apache2 (Ubuntu)
Medium
Unassigned
Hardy
Medium
Dave Walker

Bug Description

Binary package hint: apache2

When mod proxy is used with the nocanon option apache duplicates the
query string arguments in the URL. This is a known bug in 2.2.8 and
was fixed in 2.2.9, c.f.:

  <https://issues.apache.org/bugzilla/show_bug.cgi?id=44803>
  <http://mail-archives.apache.org/mod_mbox/httpd-cvs/200806.mbox/%<email address hidden>%3E>

To reproduce:

1) Create an apache.conf file, e.g. like:

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
LoadModule proxy_module /usr/lib/apache2/modules/mod_proxy.so
LoadModule proxy_http_module /usr/lib/apache2/modules/mod_proxy_http.so

Listen 5555

ErrorLog /dev/null
PidFile /dev/null

ProxyPass / http://127.0.0.1:8000/ nocanon
ProxyPassReverse / http://127.0.0.1:8000/
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

Then run apache with it, e.g. apache2 -X -f apache.conf

2) run 'python -m SimpleHTTPServer' in another terminal/window/whatever

3) finally run 'wget -q -O /dev/null http://localhost:5555/foo?bar' in another terminal

Output from hardy(-updates) apache:

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
localhost - - [19/Oct/2009 23:16:09] code 404, message File not found
localhost - - [19/Oct/2009 23:16:09] "GET /foo?bar?bar HTTP/1.1" 404 -
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

Expected output:

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
localhost - - [19/Oct/2009 23:16:34] code 404, message File not found
localhost - - [19/Oct/2009 23:16:34] "GET /foo?bar HTTP/1.1" 404 -
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

Attached is a dpatch which we're using in production and fixes the
issue for us. Could we please get an SRU with this for hardy?

James Troup (elmo) wrote :
Changed in apache2 (Ubuntu):
assignee: nobody → Ubuntu Server Team (ubuntu-server)
Mathias Gug (mathiaz) on 2009-10-20
Changed in apache2 (Ubuntu):
assignee: Ubuntu Server Team (ubuntu-server) → Canonical Server Team (canonical-server)
Chuck Short (zulcss) on 2009-10-20
Changed in apache2 (Ubuntu):
status: New → Triaged
importance: Undecided → Medium
Matt Zimmerman (mdz) on 2009-10-20
Changed in apache2 (Ubuntu):
assignee: Canonical Server Team (canonical-server) → Chuck Short (zulcss)
Chuck Short (zulcss) wrote :

I have queued it up for the next upload. Thanks for the patch.

Regards
chuck

Changed in apache2 (Ubuntu Hardy):
status: New → In Progress
Martin Pitt (pitti) wrote :

Fixed in 2.2.9, i. e. intrepid onwards.

Changed in apache2 (Ubuntu):
assignee: Chuck Short (zulcss) → nobody
status: Triaged → Fix Released
Changed in apache2 (Ubuntu Hardy):
assignee: nobody → Chuck Short (zulcss)
importance: Undecided → Medium
status: In Progress → Fix Committed
tags: added: verification-needed

Accepted apache2 into hardy-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

Jamie Strandboge (jdstrand) wrote :

FYI-- this package is going to be superseded with a pending security upload.

Martin Pitt (pitti) wrote :

Any chance to test this soon, so that the fix can be folded into the security update or moved to -updates before?

Jamie Strandboge (jdstrand) wrote :

This has been superseded by 2.2.8-1ubuntu0.14.

Martin Pitt (pitti) wrote :

Chuck, can you please merge and re-upload?

Changed in apache2 (Ubuntu Hardy):
status: Fix Committed → Triaged
tags: removed: verification-needed
Dave Walker (davewalker) on 2010-05-18
Changed in apache2 (Ubuntu Hardy):
assignee: Chuck Short (zulcss) → Dave Walker (davewalker)
Colin Watson (cjwatson) wrote :

Accepted into hardy-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

Changed in apache2 (Ubuntu Hardy):
status: Triaged → Fix Committed
tags: added: verification-needed
Dave Walker (davewalker) on 2010-05-21
tags: added: verification-failed
removed: verification-needed
Dave Walker (davewalker) wrote :

Fails verification for introducing a regression bug #583698.

Colin Watson (cjwatson) wrote :

I've posted an analysis to bug 583698; the exact same bug is present in hardy as released, as well as in the current version in hardy-updates, so I don't believe it should cause this proposed update to fail verification.

tags: added: verification-needed
removed: verification-failed
Andrew Straw (astraw) wrote :

Although I'm not a member of the SRU verification team, I can verify that 2.2.8-1ubuntu0.16 in hardy-proposed fixes the issue for me on i386. (Before upgrading to this, I was being hit by this bug when attempt to setup a reverse proxy to a CouchDB server.)

Martin Pitt (pitti) on 2010-06-02
tags: added: verification-done
removed: verification-needed
Martin Pitt (pitti) wrote :

So it seems that bug 583698 is not actually a regression from this SRU, so this seems fine to go. Thanks for testing!

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package apache2 - 2.2.8-1ubuntu0.16

---------------
apache2 (2.2.8-1ubuntu0.16) hardy-proposed; urgency=low

  * debian/patches/211_fix_mod_proxy_nocanon.dpatch: Fix duplicated query string
    when using nocanon option to mod_proxy. Patch courtesy of James Troup, based
    on upstream cherry pick. (LP: #455873)
 -- Dave Walker (Daviey) <email address hidden> Mon, 17 May 2010 18:06:59 +0100

Changed in apache2 (Ubuntu Hardy):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers