Closed
Bug 528201
Opened 15 years ago
Closed 15 years ago
buglist.cgi post-2-get redirect did not work behind reverse proxy - misuse of HTTP_X_FORWARDED_HOST
Categories
(Bugzilla :: Query/Bug List, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 509303
People
(Reporter: hendrik.harms, Unassigned)
Details
User-Agent: Mozilla/5.0 (X11; U; Linux i686; de; rv:1.9.0.14) Gecko/2009090216 Ubuntu/8.04 (hardy) Firefox/3.0.14
Build Identifier: Bugzilla 3.4.3
when buglist.cgi receives a POST request (send by query.cgi) it generates a redirect to itself to transform the request to a simple GET request. The redirecting url was generated by using the CGI.pm of the installed perl environment. If this CGI.pm finds the header HTTP_X_FORWARDED_HOST it will place it into the redirection url.
Reproducible: Always
Steps to Reproduce:
This causes a problem in the following reverse proxy setup:
Reverse Proxy:
https://mycompany.com/
has this config:
ProxyPass /bugzilla http://mybugzilla.localnet.me:8080/bugzilla
ProxyPassReverse / http://mybugzilla.localnet.me:8080/
there is a firewall between mycompany.com and the localnet.me
the browser could not see the mybugzilla server directly
by starting an search via query.cgi a POST request like this is send:
> POST https://mycompany.com/bugzilla/buglist.cgi HTTP/1.1
Actual Results:
the resonse to this request is a redirect with following location line:
> Location: http://mycompany.com:8080/bugzilla/buglist.cgi?query_format=adv...
CGI.pm replaces the server name by the header HTTP_X_FORWARED_HOST.
This location could be translated by a special ReverseProxyPass configuration, but I don't think that this is the right way to fix this.
Expected Results:
the resonse should be a redirect with a location line like this:
> Location: http://mybugzilla.localnet.me/bugzilla/buglist.cgi?query_format=ad..
Reporter | ||
Comment 1•15 years ago
|
||
expected result should also contain the port:
Location: http://mybugzilla.localnet.me:8080/bugzilla/buglist.cgi?query_fo...
Reporter | ||
Updated•15 years ago
|
Summary: buglist.cgi post-2-get redirect did not work behind reverse proxy - missuse of HTTP_X_FORWARDED_HOST → buglist.cgi post-2-get redirect did not work behind reverse proxy - misuse of HTTP_X_FORWARDED_HOST
Updated•15 years ago
|
Status: UNCONFIRMED → RESOLVED
Closed: 15 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•