Bug #4922

Bug in Webrick httprequest.rb using multiple proxies and fix

Added by nahi (Hiroshi Nakamura) over 7 years ago. Updated over 7 years ago.

Status:
Closed
Priority:
Normal
Target version:
ruby -v:
any
Backport:
[ruby-core:37313]

Description

(From [ruby-core:33872])

Hi.

This is my first post to this mailing list, so please tell me if I posted this in the wrong place, or if I should in any other way do something different.

I have been playing around with Webrick for some time now, and decided to set up a virtual machine with a hosted webrick based application.

For every request, the request goes through two Apache proxies because of lack of IP addresses. The forwarded hostname is therefore split by commas like this:

Host= domain.com, someotherdomainoorip.com

Webrick doesn't handle this well. It looks like it only supports one single forwarded hostname.

This can however easily be fixed by changing line 291 in httprequest.rb from:

host, port = @forwarded_host, @forwarded_port

To:

host, port = @forwarded_host.split(",")[0].strip, @forwarded_port

If not, Webrick will not handle the request and raise an error.

My fix may be more of a hack than a fix, but for now it works and makes Webrick actually handle the request instead of crashing. I have attached a .diff I made with Subversion.

Thank you for a great programming language.

--
Kasper Johansen

Associated revisions

Revision 635d13a8
Added by nahi (Hiroshi Nakamura) over 7 years ago

  • lib/webrick/httprequest.rb (setup_forwarded_info): Parsing request
    header failed when the request is from 2 or more Apache reverse
    proxies. It's said that all X-Forwarded-* headers will contain more
    than one (comma-separated) value if the original request already
    contained one of these headers. Since we could use these values as
    Host header, we choose the initial(first) value. See #4922.

  • test/webrick/test_httprequest.rb (test_forwarded): Test it.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@32222 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

Revision 32222
Added by nahi (Hiroshi Nakamura) over 7 years ago

  • lib/webrick/httprequest.rb (setup_forwarded_info): Parsing request
    header failed when the request is from 2 or more Apache reverse
    proxies. It's said that all X-Forwarded-* headers will contain more
    than one (comma-separated) value if the original request already
    contained one of these headers. Since we could use these values as
    Host header, we choose the initial(first) value. See #4922.

  • test/webrick/test_httprequest.rb (test_forwarded): Test it.

Revision 87d9bb77
Added by yugui (Yuki Sonoda) over 7 years ago

merges r32222 from trunk into ruby_1_9_2.

  • lib/webrick/httprequest.rb (setup_forwarded_info): Parsing request
    header failed when the request is from 2 or more Apache reverse
    proxies. It's said that all X-Forwarded-* headers will contain more
    than one (comma-separated) value if the original request already
    contained one of these headers. Since we could use these values as
    Host header, we choose the initial(first) value. See #4922.

  • test/webrick/test_httprequest.rb (test_forwarded): Test it.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_9_2@32879 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

History

Updated by nahi (Hiroshi Nakamura) over 7 years ago

See also: 'Reverse Proxy Request Headers' in http://httpd.apache.org/docs/2.2/en/mod/mod_proxy.html

Be careful when using these headers on the origin server, since they will contain more than one (comma-separated)
value if the original request already contained one of these headers. For example, you can use %{X-Forwarded-For}i
in the log format string of the origin server to log the original client's IP address, but you may get more than one
address if the request passes through several proxies.
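
An added example (not WEBrick's code and not part of this ticket): it takes the first comma-separated X-Forwarded-Host value, as the commit describes, but honours the header only when the TCP peer is a known proxy and the resulting name is a host the application serves, since the first element is whatever the original request carried. The proxy range, the host list and the function names are assumptions made for the illustration.

```ruby
require "ipaddr"

# Constructed deployment data (assumptions, not taken from the ticket).
TRUSTED_PROXIES = [IPAddr.new("10.0.0.0/8")].freeze
ALLOWED_HOSTS   = %w[domain.com www.domain.com].freeze

# Split a possibly multi-valued X-Forwarded-* header into its elements.
# Each proxy appends its own value, so the list reads oldest-first.
def forwarded_values(raw)
  raw.to_s.split(",").map(&:strip).reject(&:empty?)
end

# Effective host name for a request, or nil if it must be rejected.
#   peer_ip - address of the TCP peer (the last proxy, or a direct client)
#   headers - hash keyed by lower-case header names
def effective_host(peer_ip, headers)
  host = headers["host"].to_s

  # Only a connection from one of our own proxies may override Host.
  peer = IPAddr.new(peer_ip)
  if TRUSTED_PROXIES.any? { |net| net.include?(peer) }
    first = forwarded_values(headers["x-forwarded-host"]).first
    host = first if first
  end

  # The first element may have been supplied by the client itself,
  # so it is still checked against the names this server answers for.
  name = host.sub(/:\d+\z/, "").downcase
  ALLOWED_HOSTS.include?(name) ? name : nil
end

# Constructed requests: two-proxy chain, direct client, pre-seeded header.
SAMPLES = [
  ["10.1.2.3",    { "host" => "backend.internal:3000",
                    "x-forwarded-host" => "domain.com, someotherdomainoorip.com" }],
  ["203.0.113.9", { "host" => "unknown.example",
                    "x-forwarded-host" => "domain.com" }],
  ["10.1.2.3",    { "host" => "backend.internal:3000",
                    "x-forwarded-host" => "unknown.example, domain.com" }]
].freeze

if $PROGRAM_NAME == __FILE__
  SAMPLES.each { |peer, hdrs| puts "#{peer}: #{effective_host(peer, hdrs).inspect}" }
end
```
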

Updated by nahi (Hiroshi Nakamura) over 7 years ago

  • Status changed from Assigned to Closed

I close it since I replied to the original reporter at ruby-core.
