[pkg-lighttpd] Bug#501354: Regression in FastCGI path handling in 1.4.13-4etch11 security upload
Chris Lamb
lamby at debian.org
Mon Oct 6 20:27:19 UTC 2008
Package: lighttpd
Version: 1.4.13-4etch11
Tags: security
Hi,
When upgrading from 1.4.13-4etch10 to 1.4.13-4etch11, I noticed that my
FastCGI applications were not being passed the correct path. For example,
visiting "/foo" would result in the application (NB. not the webserver)
reporting a 404 at "/mytab.fcgi/foo".
My lighttpd setup is quite simple and mostly copied from the the Django
documentation:
$SERVER["socket"] == "89.16.166.30:443" {
ssl.engine = "enable"
ssl.pemfile = "/etc/lighttpd/mytab.pem"
$HTTP["host"] =~ "^(www\.)?mytab\.co\.uk$" {
server.document-root = "/srv/mytab.co.uk/htdocs/app/mytab/"
url.rewrite-once = (
"^(/site_media/.*)$" => "$1",
"^(/media/.*)$" => "$1",
"^(/.*)$" => "mytab.fcgi$1",
)
}
}
fastcgi.server = (
"/mytab.fcgi" => (
(
"socket" => "/srv/mytab.co.uk/htdocs/mysite.sock",
"check-local" => "disable",
)
),
)
Re-installing lighttpd 1.4.13-4etch10 fixes this issue. Am I misconfiguring
FastCGI incorrectly with respect to those changes in this upload?
(Tagging as 'security' to alert the uploader, feel free to drop it.)
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` lamby at debian.org
`-
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/pkg-lighttpd-maintainers/attachments/20081006/414033f1/attachment.pgp
More information about the pkg-lighttpd-maintainers
mailing list