This is a fix that went into v1.3 quite a while back, but not into v2.0. (be7f948b) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP Apache Httpd

CHANGES

+4 −0

Original line number	Diff line number	Diff line
		@@ -37,6 +37,10 @@ Changes with Apache 2.0.15-dev
		entire content. It is far safer to just remove the C-L as long
		as we are scanning it. [Ryan Bloom]

		*) Make sure Apache sends WWW-Authenticate during a reverse proxy
		request and not Proxy-Authenticate.
		[Graham Leggett <minfrin@sharp.fm>]

		Changes with Apache 2.0.14

		*) Fix content-length computation. We ONLY compute a content-length if

+13 −1

Original line number	Diff line number	Diff line
		@@ -615,7 +615,9 @@ struct request_rec {
		char *the_request;
		/** HTTP/0.9, "simple" request */
		int assbackwards;
		/** A proxy request (calculated during post_read_request/translate_name) */
		/** A proxy request (calculated during post_read_request/translate_name)
		* possible values PROXYREQ_NONE, PROXYREQ_PROXY, PROXYREQ_REVERSE
		*/
		int proxyreq;
		/** HEAD request, as opposed to GET */
		int header_only;
		@@ -807,6 +809,16 @@ struct request_rec {
		*/
		};

		/** Possible values of request_rec->proxyreq. A request could be normal,
		* proxied or reverse proxied. Normally proxied and reverse proxied are
		* grouped together as just "proxied", but sometimes it's necessary to
		* tell the difference between the two, such as for authentication.
		*/

		#define PROXYREQ_NONE 0
		#define PROXYREQ_PROXY 1
		#define PROXYREQ_REVERSE 2


		/** Structure to store things which are per connection */
		struct conn_rec {

+3 −3

Original line number	Diff line number	Diff line
		@@ -854,7 +854,7 @@ static int get_digest_rec(request_rec r, digest_header_rec resp)
		char key, value;

		auth_line = apr_table_get(r->headers_in,
		r->proxyreq ? "Proxy-Authorization"
		(PROXYREQ_PROXY == r->proxyreq) ? "Proxy-Authorization"
		: "Authorization");
		if (!auth_line) {
		resp->auth_hdr_sts = NO_HEADER;
		@@ -1322,7 +1322,7 @@ static void note_digest_auth_failure(request_rec *r,
		}

		apr_table_mergen(r->err_headers_out,
		r->proxyreq ? "Proxy-Authenticate" : "WWW-Authenticate",
		(PROXYREQ_PROXY == r->proxyreq) ? "Proxy-Authenticate" : "WWW-Authenticate",
		apr_psprintf(r->pool, "Digest realm=\"%s\", nonce=\"%s\", "
		"algorithm=%s%s%s%s%s",
		ap_auth_name(r), nonce, conf->algorithm,
		@@ -2050,7 +2050,7 @@ static int add_auth_info(request_rec *r)

		if (ai && ai[0])
		apr_table_mergen(r->headers_out,
		r->proxyreq ? "Proxy-Authentication-Info"
		(PROXYREQ_PROXY == r->proxyreq) ? "Proxy-Authentication-Info"
		: "Authentication-Info",
		ai);
		return OK;

+1 −1

Original line number	Diff line number	Diff line
		@@ -135,7 +135,7 @@ AP_DECLARE(void) ap_die(int type, request_rec *r)
		* about proxy authentication. They treat it like normal auth, and then
		* we tweak the status.
		*/
		if (r->status == HTTP_UNAUTHORIZED && r->proxyreq) {
		if (HTTP_UNAUTHORIZED == r->status && PROXYREQ_PROXY == r->proxyreq) {
		r->status = HTTP_PROXY_AUTHENTICATION_REQUIRED;
		}

+1 −4

Original line number	Diff line number	Diff line
		@@ -720,10 +720,7 @@ static int find_ct(request_rec *r)

		/* Check for a special handler, but not for proxy request */
		if ((type = apr_table_get(conf->handlers, ext))
		#if 0
		/* XXX fix me when the proxy code is updated */
		&& r->proxyreq == NOT_PROXY)
		#endif
		&& (PROXYREQ_NONE == r->proxyreq)
		) {
		r->handler = type;
		found = 1;