Bug #4922

Bug in Webrick httprequest.rb using multiple proxies and fix

Added by Hiroshi Nakamura almost 3 years ago. Updated almost 3 years ago.

[ruby-core:37313]
Status: Closed
Priority: Normal
Assignee: Hiroshi Nakamura
Category: lib
Target version: 1.9.3
ruby -v: any
Backport:

Description

(From )

Hi.

This is my first post to this mailing list, so please tell me if I posted this in the wrong place, or if I should do something differently in any other way.

I have been playing around with Webrick for some time now, and decided to set up a virtual machine with a hosted webrick based application.

For every request, the request goes through two Apache proxies because of a lack of IP addresses. The forwarded hostname is therefore split by commas like this:

Host= domain.com, someotherdomainoorip.com

Webrick doesn't handle this well. It looks like it only supports one single forwarded hostname.

This can however easily be fixed by changing line 291 in httprequest.rb from:

host, port = @forwarded_host, @forwarded_port

To:

host, port = @forwarded_host.split(",")[0].strip, @forwarded_port

If not, Webrick will not handle the request and raise an error.

My fix may be more of a hack than a fix, but for now it works and makes Webrick actually handle the request instead of crashing. I have attached a .diff I made with Subversion.

Thank you for a great programming language.

Kasper Johansen

Associated revisions

Revision 32222
Added by Hiroshi Nakamura almost 3 years ago

  • lib/webrick/httprequest.rb (setup_forwarded_info): Parsing request
    header failed when the request is from 2 or more Apache reverse
    proxies. It's said that all X-Forwarded-* headers will contain more
    than one (comma-separated) value if the original request already
    contained one of these headers. Since we could use these values as
    Host header, we choose the initial(first) value. See #4922.

  • test/webrick/test_httprequest.rb (test_forwarded): Test it.

History

#1 Updated by Hiroshi Nakamura almost 3 years ago

See also: 'Reverse Proxy Request Headers' in http://httpd.apache.org/docs/2.2/en/mod/mod_proxy.html

Be careful when using these headers on the origin server, since they will contain more than one (comma-separated)
value if the original request already contained one of these headers. For example, you can use %{X-Forwarded-For}i
in the log format string of the origin server to log the original clients IP address, but you may get more than one
address if the request passes through several proxies.
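
An added Ruby example (not WEBrick's code and not the reporter's patch) of the first-value rule discussed in this ticket, extended to fall back to the server's own host and port when the header is missing, empty or malformed. The function names and `backend.internal` are assumptions made for illustration.

```ruby
# Added example; helper names are hypothetical, not WEBrick API.

# Split a comma-separated X-Forwarded-* value into its trimmed elements.
def forwarded_values(raw)
  return [] if raw.nil?
  raw.split(",").map(&:strip).reject(&:empty?)
end

# Parse "host", "host:port" or "[ipv6]:port"; returns nil if malformed.
def split_host_port(value)
  m = /\A(\[[0-9A-Fa-f:.]+\]|[A-Za-z0-9.-]+)(?::(\d{1,5}))?\z/.match(value)
  return nil if m.nil?
  port = m[2]&.to_i
  return nil if port && !(1..65_535).cover?(port)
  [m[1], port]
end

# First element wins, as in the ticket. Each proxy appends to the list, so
# the first element is whatever the outermost hop received: treat it as
# request data, not as a trusted server setting.
def forwarded_host_port(headers, default_host, default_port)
  hosts = forwarded_values(headers["x-forwarded-host"])
  return [default_host, default_port] if hosts.empty?
  host, port = split_host_port(hosts.first)
  return [default_host, default_port] if host.nil?
  [host, port || default_port]
end

# Constructed sample requests (the first value is the one from the ticket).
[
  { "x-forwarded-host" => "domain.com, someotherdomainoorip.com" },
  { "x-forwarded-host" => "domain.com:8443, someotherdomainoorip.com" },
  { "x-forwarded-host" => " , " },
  {}
].each { |h| p forwarded_host_port(h, "backend.internal", 8080) }
```

An application that builds redirects or absolute URLs from the result should additionally compare the host against the names it actually serves.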

#2 Updated by Hiroshi Nakamura almost 3 years ago

  • Status changed from Assigned to Closed

I close it since I replied to the original reporter at ruby-core.
