httpd-bugs mailing list archives

From bugzi...@apache.org
Subject [Bug 59829] Detect HTTPS marker from reverse proxy
Date Tue, 31 Jan 2017 12:52:23 GMT
https://bz.apache.org/bugzilla/show_bug.cgi?id=59829

--- Comment #14 from coladict@gmail.com ---
(In reply to Jean Weisbuch from comment #9)
> It's unfortunately still not enough for the HTTPS variable to work with
> mod_rewrite, such RewriteRules will not work and create a redirect loop:
>     RewriteCond %{HTTPS} !=on
>     RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
> 
> 
> It's not working because mod_rewrite doesn't rely on the "HTTPS" variable but
> it does call the mod_ssl function "ssl_is_https()".
> The code calling this function is located in "lookup_variable()" in
> mod_rewrite.c where it does:
>     int flag = rewrite_is_https && rewrite_is_https(r->connection);
> 
> 
> 
> So far I haven't found a simple solution to this issue that wouldn't involve
> modifying mod_rewrite (or mod_ssl).

In the scenario where you use mod_remoteip, you wouldn't even have mod_ssl
loaded. Making mod_rewrite less dependent on mod_ssl would be the
solution for that problem.

(In reply to Yann Ylavic from comment #12)
> Comment on attachment 34518 [details]
> using apr_itoa for integer conversion, removed comment setting
> remoteip-proxy-ip-list
> 
> From attachment 34518 [details] :
> 
> >--- httpd-fbc5e20ead005fd3a2bec05924f9e90dfd195406/modules/metadata/mod_remoteip.c
2016-09-13 21:59:18.000000000 +0200
> >+++ mod_remoteip.c	2016-12-09 13:51:20.517582087 +0100
> []
> >@@ -389,38 +458,75 @@
> []
> >+    if (secure) {
> >+        apr_table_setn(r->subprocess_env, "HTTPS", "on");
> >+        r->server->port = config->secure_port;
> >+        r->server->server_scheme = config->secure_scheme;
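
Review bot: The two assignments through r->server inside the "if (secure)" block (r->server->port and r->server->server_scheme) write to the server_rec that is shared by every request on the virtual host, and nothing in the visible lines restores them afterwards. A later request that is not marked secure would still see config->secure_port and config->secure_scheme, and concurrent threads would race on both fields. Keep the derived port and scheme in per-request storage, next to the "HTTPS" entry set in r->subprocess_env on the line above, and leave r->server untouched.
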
> 
> We really can't do that, r->server is shared between all threads/requests
> (i.e. read-only in request processing).

I have not worked on this in a while, but instead of setting r->server->port,
can't we just set the connection environment variable "SERVER_PORT"?
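
The shared-state problem raised in the quoted review, as an added example that is not part of the original message or of the httpd source: a small C model showing how a write through r->server leaks into the next request, beside a per-request variant. The structs are simplified stand-ins, the env_* fields are hypothetical, and 443/"https" are constructed values standing in for config->secure_port and config->secure_scheme.

```c
#include <stdio.h>
/* Simplified stand-ins for httpd's server_rec/request_rec (assumption: only
 * what the quoted hunk touches is modelled; the env_* fields are hypothetical). */
typedef struct { unsigned short port; const char *server_scheme; } server_rec;
typedef struct {
    server_rec *server;       /* shared by every request on the vhost */
    const char *env_https;    /* per-request, like the "HTTPS" env entry */
    const char *env_scheme;   /* per-request */
    unsigned short env_port;  /* per-request */
} request_rec;
/* Shape of the quoted hunk; 443/"https" stand in for config->secure_*. */
static void mark_secure_shared(request_rec *r, int secure)
{
    if (secure) {
        r->env_https = "on";
        r->server->port = 443;
        r->server->server_scheme = "https";
    }
}
/* Alternative: every derived value stays on the request itself. */
static void mark_secure_per_request(request_rec *r, int secure)
{
    r->env_https = secure ? "on" : NULL;
    r->env_port = secure ? 443 : r->server->port;
    r->env_scheme = secure ? "https" : r->server->server_scheme;
}
/* One proxied-HTTPS request, then a plain one on the same vhost;
 * returns the port the plain request ends up observing. */
unsigned short port_seen_by_plain_request(int use_shared_write)
{
    server_rec vhost = { 80, "http" };
    request_rec first = { &vhost, NULL, NULL, 0 };
    request_rec second = { &vhost, NULL, NULL, 0 };

    if (use_shared_write) {
        mark_secure_shared(&first, 1);
        mark_secure_shared(&second, 0);
        return second.server->port;  /* state leaked from `first` */
    }
    mark_secure_per_request(&first, 1);
    mark_secure_per_request(&second, 0);
    return second.env_port;          /* vhost left untouched */
}

int main(void)
{
    printf("%u %u\n", (unsigned)port_seen_by_plain_request(1), (unsigned)port_seen_by_plain_request(0));
    return 0;
}
```

With the shared write, the plain request is reported on the secure port even though it was never marked secure, so anything that derives URLs or trust decisions from the server's port and scheme would treat it as HTTPS.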
