ZF-3161: ZF MVC is not compatible with apache + http protocol proxy requests

Description

Not sure if other web servers are affected, but I'm assuming so. I've tested both apache 1.3 and 2.2 with php 4.4 and 5.2 respectively (php as a module of course). To reproduce ... Go here:

http://framework.zend.com/docs/quickstart

Now, set up your browser to proxy through 67.15.229.40. In Firefox go to Tools > Options > Advanced Tab > Network Tab > Connection Settings Button. Select manual proxy configuration, enter the IP in the http proxy field and use 80 for the port. Click OK, and click OK.

Now refresh and you'll see:

Error!

An error occurred with this request: Invalid controller specified (http:).

The reason is that when HTTP is used with a proxy request, Apache turns the REQUEST_URI server var into a fully qualified URI. In this case, instead of the request URI being /docs/quickstart, it becomes http://framework.zend.com/docs/quickstart, which is why the error says http: is an invalid controller: when the request URI is split on /, http: is the first param in the request.

This all may not mean much to you, but for development and monitoring we use this all the time. Furthermore, although it's very rare, some people do actually use proxies set up in their browsers.

So what to do? I'm not entirely sure I can make a sound recommendation, but just browsing through Zend_Controller_Request_Http it seems that we are fully counting on and trusting web servers. setRequestUri() simply takes a server var and sets it up as the request URI, with no validation whatsoever. A fairly safe assumption I'd say heh, but in this case there is an exception. So I'm thinking, why not take the logic that happens in the constructor and move it down into setRequestUri()? In other words, use the power of Zend_Uri and make sure only the "path" part of a URI is ever set as the request URI member?

In the meantime I'm just replacing this:



With:

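```
// preg_quote() keeps the client-supplied Host header from being read as regex syntax
$requestUri = preg_replace('/^https?:\/\/' . preg_quote($_SERVER['HTTP_HOST'], '/') . '/i', '', $_SERVER['REQUEST_URI']);
```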

FYI, this might show up in the zf general mailing list too. I'm having all sorts of trouble with my subscription and I don't think my emails ever did get through, but maybe they will ...
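The approach suggested in the report (set only the path part of the URI as the request URI), written out as an added example that is not part of the original report and not Zend Framework's actual fix. The function name `requestTargetToPath` and the sample inputs are constructed for illustration; the function parses the URI rather than matching on the Host header.

```php
<?php
/**
 * Reduce a request target to origin-form (path plus optional query string).
 *
 * A direct request arrives as "/docs/quickstart"; a request sent through an
 * HTTP proxy setting can arrive as "http://host/docs/quickstart". Only the
 * second form is rewritten, so a path that merely contains a URL in its
 * query string, or that starts with "//", is left untouched.
 */
function requestTargetToPath(string $requestUri): string
{
    // Origin-form is already what the router expects.
    if (!preg_match('#^https?://#i', $requestUri)) {
        return $requestUri;
    }

    // Absolute-form: split with the URI parser instead of a Host-based regex.
    $parts = parse_url($requestUri);
    if ($parts === false || empty($parts['host'])) {
        throw new InvalidArgumentException('Malformed absolute request URI');
    }

    // "http://host" with no path means the root resource.
    $path = isset($parts['path']) ? $parts['path'] : '/';
    if (isset($parts['query'])) {
        $path .= '?' . $parts['query'];
    }
    return $path;
}

// Constructed sample inputs: direct request, proxied requests, and a path
// whose query string happens to contain a URL.
$samples = array(
    '/docs/quickstart',
    'http://framework.zend.com/docs/quickstart',
    'HTTP://framework.zend.com:80/docs/quickstart?page=2',
    'http://framework.zend.com',
    '/redirect?to=http://example.org/',
);
foreach ($samples as $uri) {
    printf("%-52s => %s\n", $uri, requestTargetToPath($uri));
}
```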

Comments

Fixed some wiki markup issues in description.

Scheduling for next minor release. This issue will likely take a good chunk of time to resolve, due to the necessity of testing against proxy servers in order to determine the necessary format.

Actually, fairly trivial to solve. Fixed in trunk in r12878 and in 1.7 release branch in r12879.

I am seeing this again in version 1.7.6 - looks like it has been reintroduced

Not sure what you're having a problem with, Al Briggs. We just upgraded to ZF 1.7.6 and using proxy via http works fine now :)

Cheers Matthew