Interesting mod_proxy issue with Double decoding.
Hello,
I have a configuration utilizing Apache 2.2.0 with mod_proxy. What I want to do is protect the server and limit the user to accessing a single directory, let's say /java_tut/, from a machine running Resin.
So we have the following configuration:
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass /java_tut/ http://someotherhost:8080/java_tut/
Everything works, the user can't access other directories outside of java_tut.
Unless of course they do /java_tut/%252e%252e/examples/basic/viewsource.jsp. Using a double encoding of .. they are able to traverse back a directory. This is not what I want.
So I came up with the following rules:
ProxyPass /java_tut/%2e%2e !
ProxyPass /java_tut/%2e. !
ProxyPass /java_tut/.%2e !
Which works; they can't get out of the directory any more. For those encoding schemes, obviously any rule that requires 3 or more types of denies is probably flawed, because I'm 99% sure there are other encoding tricks to get past these. Has anyone seen or come across such issues and has a better recommendation?
Thanks a lot,
-Isaac
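A defender-side illustration of the point Isaac raises, added here as an example and not part of his message or of Apache/mod_proxy: the three posted ProxyPass rules are a prefix blocklist applied to the once-decoded path (the assumption behind `blocked_by_posted_rules`), whereas `is_allowed` canonicalizes first (decode until stable, then resolve `.` and `..`) and only then checks the path against the allowed prefix. `ALLOWED_PREFIX` and the sample paths are constructed for the example.

```python
from urllib.parse import unquote
import posixpath

# Assumed for the example: the only directory the proxy should expose.
ALLOWED_PREFIX = "/java_tut/"

# The three rules from the post, modelled as plain prefix matches on the
# path as seen after the front proxy has percent-decoded it once.
POSTED_DENY_PREFIXES = ("/java_tut/%2e%2e", "/java_tut/%2e.", "/java_tut/.%2e")


def blocked_by_posted_rules(raw_path):
    """True if one of the posted 'ProxyPass ... !' rules would match.
    Assumption: mod_proxy matches after a single percent-decode."""
    once_decoded = unquote(raw_path)
    return once_decoded.startswith(POSTED_DENY_PREFIXES)


def fully_decode(raw_path, max_rounds=5):
    """Percent-decode until the string stops changing, so the path is seen
    the way a backend that decodes again (here, Resin) would see it."""
    path = raw_path
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            return path
        path = decoded
    raise ValueError("too many encoding layers")


def canonical_path(raw_path):
    """Fully decode, then collapse '.', '..' and '//' segments as a
    filesystem or servlet container would. Keeps a trailing slash."""
    decoded = fully_decode(raw_path)
    if "\x00" in decoded:
        raise ValueError("NUL byte in path")
    norm = posixpath.normpath(decoded)
    if decoded.endswith("/") and not norm.endswith("/"):
        norm += "/"
    return norm


def is_allowed(raw_path):
    """Allowlist check: canonical path must stay under ALLOWED_PREFIX."""
    try:
        return canonical_path(raw_path).startswith(ALLOWED_PREFIX)
    except ValueError:
        return False
```

Comparing the two functions on the paths from the post shows that the blocklist only catches the exact spellings it names, while the canonicalize-then-allowlist check rejects anything that resolves outside /java_tut/ regardless of how the dots were encoded.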