Skip to content

[help needed] This is a minimal implementation of the Apache module demonstrating the problem with interception of POST requests within a handler.

Notifications You must be signed in to change notification settings

dnym/poc-apache

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Introduction

This is a minimal implementation of the Apache module demonstrating the problem with interception of POST requests within a handler.

The module should intercept each POST request, analyse it, and if it contains the letter "Z", it should reply the web page with the text "The letter 'Z' was found!" back to the client and block further processing the request by other handlers (e.g. PHP). If the request doesn't contain such letter in the POST body, it should continue processing the request as usual.

The implementation is based on the Apache handler and auxiliary input filter to cache POST body for other handlers (e.g. PHP). It works in case of mod_php, mod_fcgid, but fails when PHP is set up as classic CGI (with Apache's Action directive).

Compiling and running

To make running this module with ease, we prepared the dockerized environment to compile and run it:

docker build -t mod_poc .
docker run --rm --name mod_poc -p 8000:80 -ti mod_poc

Then open the following link with your web browser:

http://localhost:8000/

Testing procedure

The testing page contains two forms. One of the form was handled by PHP running as FastCGI script, another one - by the PHP running as CGI.

Testing procedure (for each form):

  1. Enter any text without letter 'Z' in the field and press Submit button.
  2. The PHP output should appear displaying the same text. Now return back.
  3. Enter any text with letter 'Z' in the field and press Submit button.
  4. The text "The letter 'Z' was found!" should appear, it was generated by the mod_poc module instead of PHP.

As you can see, the FastCGI works correctly, but Classic CGI looses the form data, step 2 fails.

Help needed!

Please submit a pull request or email me at d.prochko@botguard.net if you can fix this issue. A suitable solution will be paid for.

About

[help needed] This is a minimal implementation of the Apache module demonstrating the problem with interception of POST requests within a handler.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • C 56.0%
  • HTML 31.8%
  • Dockerfile 7.8%
  • PHP 4.4%