Project

General

Profile

Actions

Bug #4922

closed

Bug in Webrick httprequest.rb using multiple proxies and fix

Added by nahi (Hiroshi Nakamura) over 12 years ago. Updated over 12 years ago.

Status:
Closed
Target version:
ruby -v:
any
Backport:
[ruby-core:37313]

Description

(From [ruby-core:33872])

Hi.

This is my first post to this mailing list, so please tell me, if I posted this the wrong place, or I in any other way should do something different.

I have been playing around with Webrick for some time now, and decided to set up a virtual machine with a hosted webrick based application.

For every request, the request goes through two Apache proxies because of lack of IP adresses. The forwarded hostname is therefore split by commas like this:

Host= domain.com, someotherdomainoorip.com

Webrick doesnt handle this well. It looks like it only supports one single forwarded hostname.

This can however easily be fixed by changing like 291 in httprequest.rb from:

host, port = @forwarded_host, @forwarded_port

To:

host, port = @forwarded_host.split(",")[0].strip, @forwarded_port

If not, Webrick will not handle the request and raise an error.

My fix may be more than a hack than a fix, but for now it works and makes Webrick actually handle the request instead of crashing. I have attached a .diff I made with Subversion.

Thank you for a great programming language.

--
Kasper Johansen

Updated by nahi (Hiroshi Nakamura) over 12 years ago

See also: 'Reverse Proxy Request Headers' in http://httpd.apache.org/docs/2.2/en/mod/mod_proxy.html

Be careful when using these headers on the origin server, since they will contain more than one (comma-separated)
value if the original request already contained one of these headers. For example, you can use %{X-Forwarded-For}i
in the log format string of the origin server to log the original clients IP address, but you may get more than one
address if the request passes through several proxies.

Updated by nahi (Hiroshi Nakamura) over 12 years ago

  • Status changed from Assigned to Closed

I close it since I replied to the original reporter at ruby-core.

Actions

Also available in: Atom PDF

Like0
Like0Like0