Skip Menu |
 

Preferred bug tracker

Please visit the preferred bug tracker to report your issue.

This queue is for tickets about the CGI CPAN distribution.

Report information
The Basics
Id: 5601
Status: resolved
Priority: 0/
Queue: CGI

People
Owner: Nobody in particular
Requestors: adamk [...] ali.as
Cc:
AdminCc:

Bug Information
Severity: Normal
Broken in: (no value)
Fixed in: (no value)



Subject: http(), url() and HTTP_HOST vs HTTP_X_FORWARDED_HOST (3.0+)
Download (untitled) / with headers
text/plain 1.8k
I have a situation where an Apache/Squid type proxy is passing a request through to a jailed server for processing, which generates and environment as follows CACHED_CORE="plus11" DOCUMENT_ROOT="/usr/local/www/data" GATEWAY_INTERFACE="CGI/1.1" HTTP_ACCEPT="text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,video/x-mng,image/png,image/jpeg,image/gif;q=0.2,*/*;q=0.1" HTTP_ACCEPT_CHARSET="ISO-8859-1,utf-8;q=0.7,*;q=0.7" HTTP_ACCEPT_ENCODING="gzip,deflate" HTTP_ACCEPT_LANGUAGE="en-us,en;q=0.5" HTTP_CONNECTION="close" HTTP_HOST="127.0.0.190" HTTP_USER_AGENT="Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.5) Gecko/20031007 Firebird/0.7" HTTP_X_FORWARDED_FOR="203.48.150.200" HTTP_X_FORWARDED_HOST="imago.rhps.org" HTTP_X_FORWARDED_SERVER="imago.rhps.org" PATH="/sbin:/bin:/usr/sbin:/usr/bin:/usr/games:/usr/local/sbin:/usr/local/bin:/usr/X11R6/bin:/root/bin" QUERY_STRING="" REMOTE_ADDR="127.0.0.100" REMOTE_PORT="3511" REQUEST_METHOD="GET" REQUEST_URI="/printenv.cgi" SCRIPT_FILENAME="/usr/local/www/data/printenv.cgi" SCRIPT_NAME="/printenv.cgi" SERVER_ADDR="127.0.0.190" SERVER_ADMIN="imago@marinms.com" SERVER_NAME="imago.rhps.org" SERVER_PORT="80" SERVER_PROTOCOL="HTTP/1.1" SERVER_SIGNATURE="<address>Apache Server at <a href=\"mailto:imago@marinms.com\">imago.rhps.org</a> Port 80</address>\n" SERVER_SOFTWARE="Apache" TEMP_PATH="/usr/local/www/store/" Now, to generate a self-referential url using CGI::url() at... http://imago.rhps.org/something ...because of the proxying, we get... http://127.0.0.190/something ... which is useless to anyone on the internet. I'm wondering if C< http('host'); > ought to return HTTP_X_FORWARDED_HOST if it exists, in preference to HTTP_HOST. For the moment, at the beginning of my program, I'm doing a $ENV{HTTP_HOST} = $ENV{HTTP_X_FORWARDED_HOST} if $ENV{HTTP_X_FORWARDED_HOST} to get around this issue.


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.