Closed
Description
When using the proxy action with a non-trivial URL, mod_proxy canonicalizes it. This is implemented badly in mod_proxy_http, but more importantly, the user will expect that the URL provided in the proxy action will be what is sent to the backend server. So, mod_security shouldn't let mod_proxy canonicalize it. Here's a one-line patch to accomplish this:
--- modsecurity-apache_2.7.4/apache2/mod_security2.c 2013-05-26 21:33:36.000000000 -0600
+++ modsecurity-apache_2.7.4_nocanon_patch/apache2/mod_security2.c 2014-07-31 10:16:33.000000000 -0600
@@ -205,6 +205,7 @@
log_escape_nq(msr->mp, actionset->intercept_uri));
} else {
msr->r->filename = apr_psprintf(msr->mp, "proxy:%s", actionset->intercept_uri);
+ apr_table_setn(msr->r->notes,"proxy-nocanon",1);
msr->r->proxyreq = PROXYREQ_REVERSE;
msr->r->handler = "proxy-server";
status = OK;
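Review bot: On the added line, `apr_table_setn(msr->r->notes,"proxy-nocanon",1);` passes the integer `1` where `apr_table_setn` expects a `const char *` value, so the table ends up holding the invalid pointer 0x1. It compiles with an int-to-pointer conversion warning, and any code that later reads this note as a string rather than only testing it for non-NULL will dereference that pointer and crash. Use a string literal instead: `apr_table_setn(msr->r->notes, "proxy-nocanon", "1");`. The note is also set unconditionally for every proxy action, so `intercept_uri` now reaches the backend without mod_proxy's canonicalization in all cases; that change in behaviour for existing rules should be stated in the documentation of the proxy action.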