Welcome! Log In Create A New Profile

Advanced

access to urldecoded headers

Michael Ching
March 27, 2009 02:30AM
A problem when trying to proxy webdav/svn have is that when you proxy
https to an http backend, COPY requests do not work because of the
Destination: header.

The standard configuration to address this is:
set $destination $http_destination;
if ( $destination ~* ^https(.*)$ ) {
set $destination http$1;
}
proxy_set_header Destination $destination;

However, $http_destination is already urlescaped and becomes escaped
again as part of the capture. This causes filenamess with spaces in
them to become double-escaped (i.e. " " represented by %2520 instead of
%20).

I have not done too much work in the nginx source, so I borrowed very
heavily from the code provided by Kirill K in his patch to urldecode
variable_arguments to create a patch which should allow access to
urldecoded copies of $http_ variables. Changing $http_destination to
$urldecodehttp_destination with the following patch applied appears to
resolve the issue for us.

Any feedback as far as a better way to do this, problems with the code,
or issues that have been overlooked would be appreciated.

I was mostly unsure whether the ngx_palloc code and the "v->len = dst -
v->data;" lines were correct.

Michael


diff -u nginx-0.5.37/src/http/ngx_http_variables.c
nginx-0.5.37-decodepatch/src/http/ngx_http_variables.c
--- nginx-0.5.37/src/http/ngx_http_variables.c 2007-12-12
08:57:36.000000000 -0800
+++ nginx-0.5.37-decodepatch/src/http/ngx_http_variables.c 2009-03-26
23:06:26.000000000 -0700
@@ -22,6 +22,8 @@
static ngx_int_t ngx_http_variable_headers(ngx_http_request_t *r,
ngx_http_variable_value_t *v, uintptr_t data);

+static ngx_int_t
ngx_http_variable_unknown_header_in_urldecode(ngx_http_request_t *r,
+ ngx_http_variable_value_t *v, uintptr_t data);
static ngx_int_t ngx_http_variable_unknown_header_in(ngx_http_request_t *r,
ngx_http_variable_value_t *v, uintptr_t data);
static ngx_int_t
ngx_http_variable_unknown_header_out(ngx_http_request_t *r,
@@ -442,6 +444,17 @@
return NULL;
}

+ if (ngx_strncmp(name->data, "urldecodehttp_", 14) == 0) {
+
+ if (ngx_http_variable_unknown_header_in_urldecode(r, vv,
(uintptr_t) name)
+ == NGX_OK)
+ {
+ return vv;
+ }
+
+ return NULL;
+ }
+
if (ngx_strncmp(name->data, "http_", 5) == 0) {

if (ngx_http_variable_unknown_header_in(r, vv, (uintptr_t) name)
@@ -632,6 +645,73 @@


static ngx_int_t
+ngx_http_variable_unknown_header_in_urldecode(ngx_http_request_t *r,
+ ngx_http_variable_value_t *v, uintptr_t data)
+{
+ ngx_str_t *var = (ngx_str_t *) data;
+ ngx_list_part_t *part = &r->headers_in.headers.part;
+ size_t prefix = sizeof("urldecodehttp_") - 1;
+ u_char *dst, *src;
+
+ u_char ch;
+ ngx_uint_t i, n;
+ ngx_table_elt_t *header;
+
+ header = part->elts;
+
+ for (i = 0; /* void */ ; i++) {
+
+ if (i >= part->nelts) {
+ if (part->next == NULL) {
+ break;
+ }
+
+ part = part->next;
+ header = part->elts;
+ i = 0;
+ }
+
+ for (n = 0; n + prefix < var->len && n < header[i].key.len; n++) {
+ ch = header[i].key.data[n];
+
+ if (ch >= 'A' && ch <= 'Z') {
+ ch |= 0x20;
+
+ } else if (ch == '-') {
+ ch = '_';
+ }
+
+ if (var->data[n + prefix] != ch) {
+ break;
+ }
+ }
+
+ if (n + prefix == var->len && n == header[i].key.len) {
+ v->data = ngx_palloc(r->pool, header[i].value.len);
+ if (v->data == NULL) {
+ v->not_found = 1;
+ }
+ else {
+ dst = v->data;
+ src = header[i].value.data;
+
+ ngx_unescape_uri(&dst, &src, header[i].value.len,
NGX_ESCAPE_ARGS);
+ v->len = dst - v->data;
+ v->valid = 1;
+ v->no_cacheable = 0;
+ v->not_found = 0;
+ }
+ return NGX_OK;
+ }
+ }
+
+ v->not_found = 1;
+
+ return NGX_OK;
+}
+
+
+static ngx_int_t
ngx_http_variable_unknown_header_in(ngx_http_request_t *r,
ngx_http_variable_value_t *v, uintptr_t data)
{
@@ -1351,6 +1431,13 @@
}
}

+ if (ngx_strncmp(v[i].name.data, "urldecodehttp_", 14) == 0) {
+ v[i].get_handler =
ngx_http_variable_unknown_header_in_urldecode;
+ v[i].data = (uintptr_t) &v[i].name;
+
+ continue;
+ }
+
if (ngx_strncmp(v[i].name.data, "http_", 5) == 0) {
v[i].get_handler = ngx_http_variable_unknown_header_in;
v[i].data = (uintptr_t) &v[i].name;
Subject Author Posted

access to urldecoded headers

Michael Ching March 27, 2009 02:30AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 269
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready