Re: Proxy with LWP

LWP::Simple is documented to call $ua->env_proxy, which fetches proxy information from the environment as documented in LWP::UserAgent.

It seems the env variable should be named http_proxy, not HTTP_PROXY.

Comment on Re: Proxy with LWP Select or Download Code

Replies are listed 'Best First'.
Re^2: Proxy with LWP by tachyon-II (Chaplain) on Apr 23, 2008 at 11:07 UTC
On systems with case insensitive environment variables there exists a +name clash between the CGI environment variables and the HTTP_PROXY e +nvironment variable normally picked up by env_proxy(). Because of thi +s HTTP_PROXY is not honored for CGI scripts. The CGI_HTTP_PROXY envir +onment variable can be used instead. 2001-03-14 Gisle Aas <gisle@ActiveState.com> Release 5.51 SECURITY FIX: If LWP::UserAgent::env_proxy is called in a CGI environment, the case-insensitivity when looking for "http_proxy" permits "HTTP_PROXY" to be found, but this can be trivially set by + the web client using the "Proxy:" header. The fix applied is that $ENV{HTTP_PROXY} is not longer honored for CGI scripts. The CGI_HTTP_PROXY environment variable can be used instead. Problem reported by Randal L. Schwartz. sub env_proxy { my ($self) = @_; my($k,$v); while(($k, $v) = each %ENV) { if ($ENV{REQUEST_METHOD}) { # Need to be careful when called in the CGI environment, as # the HTTP_PROXY variable is under control of that other guy. next if $k =~ /^HTTP_/; $k = "HTTP_PROXY" if $k eq "CGI_HTTP_PROXY"; } $k = lc($k); next unless $k =~ /^(.)_proxy$/; $k = $1; if ($k eq 'no') { $self->no_proxy(split(/\s,\s*/, $v)); } else { $self->proxy($k, $v); } } } [download]	[reply] [d/l]

Replies are listed 'Best First'.

Re^2: Proxy with LWP
by tachyon-II (Chaplain) on Apr 23, 2008 at 11:07 UTC

On systems with case insensitive environment variables there exists a 
+name clash between the CGI environment variables and the HTTP_PROXY e
+nvironment variable normally picked up by env_proxy(). Because of thi
+s HTTP_PROXY is not honored for CGI scripts. The CGI_HTTP_PROXY envir
+onment variable can be used instead.

2001-03-14   Gisle Aas <gisle@ActiveState.com>

    Release 5.51

    SECURITY FIX: If LWP::UserAgent::env_proxy is called in a CGI
    environment, the case-insensitivity when looking for "http_proxy"
    permits "HTTP_PROXY" to be found, but this can be trivially set by
+ the
    web client using the "Proxy:" header.  The fix applied is that
    $ENV{HTTP_PROXY} is not longer honored for CGI scripts.
    The CGI_HTTP_PROXY environment variable can be used instead.
    Problem reported by Randal L. Schwartz.

sub env_proxy {
    my ($self) = @_;
    my($k,$v);
    while(($k, $v) = each %ENV) {
    if ($ENV{REQUEST_METHOD}) {
        # Need to be careful when called in the CGI environment, as
        # the HTTP_PROXY variable is under control of that other guy.
        next if $k =~ /^HTTP_/;
        $k = "HTTP_PROXY" if $k eq "CGI_HTTP_PROXY";
    }
    $k = lc($k);
    next unless $k =~ /^(.*)_proxy$/;
    $k = $1;
    if ($k eq 'no') {
        $self->no_proxy(split(/\s*,\s*/, $v));
    }
    else {
        $self->proxy($k, $v);
    }
    }
}
[download]

[reply]
[d/l]