diff options
| author | Matt Holt <mholt@users.noreply.github.com> | 2019-10-28 14:39:37 -0600 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2019-10-28 14:39:37 -0600 |
| commit | b00dfd3965f400956c5bb5b388e9d54ef98052e5 (patch) | |
| tree | 44517743815327f7ef63405b3a13e54f7f20c885 /modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go | |
| parent | 6c533558a3db4b30a6b7a81d19ac180fe2000ca2 (diff) | |
v2: Logging! (#2831)
* logging: Initial implementation
* logging: More encoder formats, better defaults
* logging: Fix repetition bug with FilterEncoder; add more presets
* logging: DiscardWriter; delete or no-op logs that discard their output
* logging: Add http.handlers.log module; enhance Replacer methods
The Replacer interface has new methods to customize how to handle empty
or unrecognized placeholders. Closes #2815.
* logging: Overhaul HTTP logging, fix bugs, improve filtering, etc.
* logging: General cleanup, begin transitioning to using new loggers
* Fixes after merge conflict
Diffstat (limited to 'modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go')
| -rw-r--r-- | modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go b/modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go index eaf1f86..21aeb17 100644 --- a/modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go +++ b/modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go @@ -19,7 +19,6 @@ import ( "crypto/tls" "fmt" "net/http" - "net/url" "path" "path/filepath" "strconv" @@ -53,6 +52,9 @@ type Transport struct { // with the value of SplitPath. The first piece will be assumed as the // actual resource (CGI script) name, and the second piece will be set to // PATH_INFO for the CGI script to use. + // Future enhancements should be careful to avoid CVE-2019-11043, + // which can be mitigated with use of a try_files-like behavior + // that 404's if the fastcgi path info is not found. SplitPath string `json:"split_path,omitempty"` // Extra environment variables @@ -191,12 +193,13 @@ func (t Transport) buildEnv(r *http.Request) (map[string]string, error) { // original URI in as the value of REQUEST_URI (the user can overwrite this // if desired). Most PHP apps seem to want the original URI. Besides, this is // how nginx defaults: http://stackoverflow.com/a/12485156/1048862 - reqURL, ok := r.Context().Value(caddyhttp.OriginalURLCtxKey).(url.URL) + origReq, ok := r.Context().Value(caddyhttp.OriginalRequestCtxKey).(http.Request) if !ok { // some requests, like active health checks, don't add this to // the request context, so we can just use the current URL - reqURL = *r.URL + origReq = *r } + reqURL := origReq.URL requestScheme := "http" if r.TLS != nil { |