diff options
| author | Matthew Holt <mholt@users.noreply.github.com> | 2020-03-22 07:48:21 -0600 |
|---|---|---|
| committer | Matthew Holt <mholt@users.noreply.github.com> | 2020-03-22 07:48:34 -0600 |
| commit | f2ce81cc8b5adcd453566d292ac0b0b47fc64e99 (patch) | |
| tree | 90e34450428a44d08e1c7f41f59443251e5a20ca /modules/caddyhttp/reverseproxy/fastcgi | |
| parent | 2cab475ba516fa725d012f53ca417c3e039607de (diff) | |
fastcgi: Support multiple path splitters (close #1564)
Diffstat (limited to 'modules/caddyhttp/reverseproxy/fastcgi')
| -rw-r--r-- | modules/caddyhttp/reverseproxy/fastcgi/caddyfile.go | 6 | ||||
| -rw-r--r-- | modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go | 18 |
2 files changed, 15 insertions, 9 deletions
diff --git a/modules/caddyhttp/reverseproxy/fastcgi/caddyfile.go b/modules/caddyhttp/reverseproxy/fastcgi/caddyfile.go index 81fd48e..5b378f8 100644 --- a/modules/caddyhttp/reverseproxy/fastcgi/caddyfile.go +++ b/modules/caddyhttp/reverseproxy/fastcgi/caddyfile.go @@ -51,10 +51,10 @@ func (t *Transport) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { t.Root = d.Val() case "split": - if !d.NextArg() { + t.SplitPath = d.RemainingArgs() + if len(t.SplitPath) == 0 { return d.ArgErr() } - t.SplitPath = d.Val() case "env": args := d.RemainingArgs() @@ -173,7 +173,7 @@ func parsePHPFastCGI(h httpcaddyfile.Helper) ([]httpcaddyfile.ConfigValue, error } // set up the transport for FastCGI, and specifically PHP - fcgiTransport := Transport{SplitPath: ".php"} + fcgiTransport := Transport{SplitPath: []string{".php"}} // create the reverse proxy handler which uses our FastCGI transport rpHandler := &reverseproxy.Handler{ diff --git a/modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go b/modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go index aa0d1cd..9d2dc39 100644 --- a/modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go +++ b/modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go @@ -47,10 +47,11 @@ type Transport struct { // with the value of SplitPath. The first piece will be assumed as the // actual resource (CGI script) name, and the second piece will be set to // PATH_INFO for the CGI script to use. + // // Future enhancements should be careful to avoid CVE-2019-11043, // which can be mitigated with use of a try_files-like behavior - // that 404's if the fastcgi path info is not found. - SplitPath string `json:"split_path,omitempty"` + // that 404s if the fastcgi path info is not found. + SplitPath []string `json:"split_path,omitempty"` // Extra environment variables. EnvVars map[string]string `json:"env,omitempty"` @@ -168,7 +169,7 @@ func (t Transport) buildEnv(r *http.Request) (map[string]string, error) { // Split path in preparation for env variables. // Previous canSplit checks ensure this can never be -1. - // TODO: I haven't brought over canSplit; make sure this doesn't break + // TODO: I haven't brought over canSplit from v1; make sure this doesn't break splitPos := t.splitPos(fpath) // Request has the extension; path was split successfully @@ -284,14 +285,19 @@ func (t Transport) buildEnv(r *http.Request) (map[string]string, error) { // splitPos returns the index where path should // be split based on t.SplitPath. func (t Transport) splitPos(path string) int { - // TODO: + // TODO: from v1... // if httpserver.CaseSensitivePath { // return strings.Index(path, r.SplitPath) // } - return strings.Index(strings.ToLower(path), strings.ToLower(t.SplitPath)) + lowerPath := strings.ToLower(path) + for _, split := range t.SplitPath { + if idx := strings.Index(lowerPath, strings.ToLower(split)); idx > -1 { + return idx + } + } + return -1 } -// TODO: // Map of supported protocols to Apache ssl_mod format // Note that these are slightly different from SupportedProtocols in caddytls/config.go var tlsProtocolStrings = map[uint16]string{ |