httpd-dev mailing list archives

From Nick Edwards <nick.z.edwa...@gmail.com>
Subject Re: Listen 443 https (SSLEngine Optional - dual host)
Date Sun, 17 Sep 2017 01:07:53 GMT
phpMyAdmin 4.4.15 is YEARS old

we have been using 4.7 for nearly a year, 4.7.2 is current

this from a troll who verbally abuses the hell out of people on other lists
for posting similar comments using very outdated software. HAH, this one's
in google for life.


On Sun, Sep 17, 2017 at 10:24 AM, Reindl Harald <h.reindl@thelounge.net>
wrote:

>
> that's even worse - phpMyAdmin 4.4.15.10 seems to handle something
> wrong because $_SERVER['SERVER_PORT'] is wrong - and i had myself some bad
> code using that var instead of $_SERVER['HTTPS'] which again led to an
> endless loop
>
> in case of phpMyAdmin it redirects to https://hostname:80/path/ after
> entering username/password - the workaround below in the config file seems to
> solve that for now, but all in all that leaves a very bad taste
>
> if(empty($_SERVER['HTTPS']) || $_SERVER['HTTPS'] === 'off')
> {
>  $cfg['ForceSSL'] = false;
> }
> else
> {
>  $cfg['ForceSSL'] = true;
> }
>
>
> On 14.09.2017 at 18:16, Reindl Harald wrote:
>
>> On 14.09.2017 at 16:08, Stefan Eissing wrote:
>>
>>> Ok, as I read the code a bit more, there is a tangle of things that can
>>> influence port/scheme selection. But from what I can see, the version in *trunk*
>>> should do the right thing *iff*
>>>
>>> a) you use "SSLEngine *:443" instead of "Optional"
>>> b) you use "ServerName xxx.yyy" *without* a port name
>>>
>>> then a
>>> <VirtualHost *:80 *:443>
>>>    ServerName xxx.yyy
>>>    SSLEngine *:443
>>>     ...
>>> </VirtualHost>
>>>
>>> should do the right thing here. Internal methods used to generate
>>> Redirect Location headers, namely
>>> ap_construct_url()
>>> ap_get_server_port()
>>> ap_http_scheme()
>>> should give back the correct values for each connection and also fill the
>>> Env Variables with the correct values.
>>>
>>
>> what does "trunk" mean here?
>> a future 2.5/2.6/3.0 or a 2.4.x in the near future?
>>
>> within 2 weeks you need TLS on each and every host since Chrome starts to
>> warn about every page with a form tag and no TLS
>>
>> [root@srv-rhsoft:~]$ apachectl -t
>> AH00526: Syntax error on line 29 of /etc/httpd/conf/sites_enabled/contentlounge.conf:
>> Argument must be On, Off, or Optional
>>
>>> On 14.09.2017 at 15:46, Reindl Harald <h.reindl@thelounge.net> wrote:
>>>>
>>>> On 14.09.2017 at 15:40, Stefan Eissing wrote:
>>>>
>>>>> Harald,
>>>>> could you check if a configuration like:
>>>>>    UseCanonicalPhysicalPort on
>>>>> in the server or vhost mitigates the problem?
>>>>>
>>>>
>>>> it makes it even more terrible and the resulting http:// protocol
>>>> instead of https:// on port 443 here even triggers mod_security
>>>>
>>>> even if it would mitigate that issue - having ports in redirect urls
>>>> easily leads to a lot of other problems when proxy-servers are part of the
>>>> game
>>>>
>>>> [harry@srv-rhsoft:/mnt/data/downloads]$ curl --head --insecure https://contentlounge/cms
>>>> HTTP/1.1 301 Moved Permanently
>>>> Date: Thu, 14 Sep 2017 13:43:06 GMT
>>>> X-DNS-Prefetch-Control: off
>>>> X-Content-Type-Options: nosniff
>>>> X-Response-Time: D=1561 us
>>>> Location: http://contentlounge:443/cms/
>>>> Cache-Control: max-age=0
>>>> Expires: Thu, 14 Sep 2017 13:43:06 GMT
>>>> Content-Type: text/html; charset=iso-8859-1
>>>>
>>>> On 14.09.2017 at 12:00, Reindl Harald <h.reindl@thelounge.net> wrote:
>>>>>>
>>>>>> On 10.08.2017 at 18:22, Reindl Harald wrote:
>>>>>>
>>>>>>> If you want to experiment...
>>>>>>>> <VirtualHost IP:80 IP:443>
>>>>>>>> is already recognized
>>>>>>>>
>>>>>>> but with "SSLEngine On" and "SSLCertificateFile" configured
>>>>>>> non-https no longer would work
>>>>>>>
>>>>>>
>>>>>> OK, figured it out
>>>>>>
>>>>>> * you need the *first* vhost with "SSLEngine On"
>>>>>> * others can have "SSLEngine optional" and listen to 80 and 443
>>>>>>
>>>>>> but there is a bug: https://bz.apache.org/bugzilla/show_bug.cgi?id=61519
>>>>>>
>>>>>> if the trailing slash is missing in the url the automatic redirect to
>>>>>> the fully qualified folder-path points to http:// instead of https://
>>>>>> and that does not happen within a vhost dedicated to :443 and "SSLEngine On"
>>>>>>
>>>>>> i was trapped in an endless loop because the php script making a
>>>>>> redirect to https:// had a bug and missed the trailing / too
>>>>>>
>>>>>> <VirtualHost *:80 *:443>
>>>>>> DocumentRoot "/www/contentlounge"
>>>>>> ServerName contentlounge.rhsoft.net
>>>>>> SSLEngine optional
>>>>>> SSLCertificateFile "conf/ssl/rhsoft.net.pem"
>>>>>> </VirtualHost>
>>>>>>
>>>>>> [harry@srv-rhsoft:~]$ curl --head --insecure https://contentlounge/cms
>>>>>> HTTP/1.1 301 Moved Permanently
>>>>>> Date: Thu, 14 Sep 2017 09:40:27 GMT
>>>>>> X-DNS-Prefetch-Control: off
>>>>>> X-Content-Type-Options: nosniff
>>>>>> X-Response-Time: D=1311 us
>>>>>> Location: http://contentlounge/cms/
>>>>>> Cache-Control: max-age=0
>>>>>> Expires: Thu, 14 Sep 2017 09:40:27 GMT
>>>>>> Content-Type: text/html; charset=iso-8859-1
>>>>>>
>>>>>
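
A regression check for the redirects quoted in this thread, added here as an example and not part of any poster's message or of httpd itself: it flags a `Location` that downgrades an https request to http, or whose explicit port contradicts its scheme. The function names and finding labels are assumptions; the header dump is the second curl response quoted above.

```python
from urllib.parse import urljoin, urlsplit

DEFAULT_PORT = {"http": 80, "https": 443}

# Response headers copied from the curl output quoted in the thread.
SAMPLE_HEADERS = """HTTP/1.1 301 Moved Permanently
Date: Thu, 14 Sep 2017 13:43:06 GMT
Location: http://contentlounge:443/cms/
Content-Type: text/html; charset=iso-8859-1
"""


def location_from_headers(raw):
    """Return the Location value from a raw `curl --head` dump, or None."""
    for line in raw.splitlines()[1:]:          # skip the status line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "location":
            return value.strip()
    return None


def check_redirect(request_url, location):
    """Return findings for one redirect; an empty list means it looks sane."""
    req = urlsplit(request_url)
    # Resolve relative Location values against the request URL first.
    loc = urlsplit(urljoin(request_url, location))
    findings = []
    # A TLS request must not be sent back to cleartext on the same host.
    if req.scheme == "https" and loc.scheme == "http" \
            and req.hostname == loc.hostname:
        findings.append("scheme-downgrade")
    # An explicit port that is the default of the *other* scheme
    # (http on 443, https on 80) means scheme and port were derived
    # from different sources.
    expected = DEFAULT_PORT.get(loc.scheme)
    if loc.port in DEFAULT_PORT.values() and loc.port != expected:
        findings.append("scheme-port-mismatch")
    return findings


if __name__ == "__main__":
    target = "https://contentlounge/cms"
    print(check_redirect(target, location_from_headers(SAMPLE_HEADERS)))
```

Run against each dual-port vhost with and without the trailing slash after any change to `SSLEngine` or `ServerName`.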
