httpd-users mailing list archives

From <Russel.J.Wi...@wellsfargo.com>
Subject [users@httpd] mod_dir redirect for trailing slash behind ssl accelerator not respecting x-forwarded-proto in 2.4.7
Date Thu, 20 Mar 2014 18:35:58 GMT
I'm thinking this is a bug, but wanted to make sure I wasn't overlooking something obvious
before I posted to the database ...

Here's the situation:

*       Browser sends request for https://HTTP_HOST/public
*       We do ssl termination at an accelerator and pass to the Apache httpd instance behind it.
        The accelerator sets the X-FORWARDED-FOR and X-FORWARDED-PROTO headers indicating it was
        originally ssl and what the original remoteip was.
        mod_remoteip correctly sets the browser's IP address for logging.
*       mod_dir recognizes that /public is a directory and redirects to http://HTTP_HOST/public/

BUT ... since X-FORWARDED-PROTO is set to https, it should be redirecting to https://HTTP_HOST/public/,
and nothing is listening at the ssl accelerator for an http request and everything fails.

I have found several workarounds.

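1)      Set DirectorySlash off
        this stops the behavior by returning a 404 error ... not ideal, but better than a timeout!
2)      Use rewrite to fix it beforehand:
        RewriteEngine On
        # Only requests the accelerator marked as originally https
        RewriteCond %{HTTP:X-Forwarded-Proto} =https
        # ... that map to an existing directory
        RewriteCond %{DOCUMENT_ROOT}%{REQUEST_FILENAME} -d
        # ... and have no trailing slash: redirect to the https URL with the slash added
        RewriteRule ^(.+[^/])$ https://%{HTTP_HOST}$1/ [redirect,last]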

Second solution works, but seems like a lot of overhead, since every request has to be inspected
to see if it is a directory, when the only time this hits us is when mod_dir wants to do a
redirect. Every other situation works fine as a relative URL.

Any hints? Thanks.

Russ

Russ Witte, Web Engineer
Common Channel Infrastructure, Wells Fargo Bank

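Added example, not part of the original message and not httpd code: a Python check that flags the redirect described above, where a request forwarded with X-Forwarded-Proto: https is answered with a 3xx whose Location is an absolute http:// URL on the same host. The host name www.example.test, the sample exchanges and the function names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed exchanges as seen between the accelerator and httpd (host name is a placeholder).
SAMPLE_EXCHANGES = [
    # The case from the message: slash added, but the absolute URL is built with http://
    ("GET /public HTTP/1.1\r\nHost: www.example.test\r\nX-Forwarded-Proto: https\r\n\r\n",
     "HTTP/1.1 301 Moved Permanently\r\nLocation: http://www.example.test/public/\r\n\r\n"),
    # Redirect that keeps the client's scheme: fine
    ("GET /docs HTTP/1.1\r\nHost: www.example.test\r\nX-Forwarded-Proto: https\r\n\r\n",
     "HTTP/1.1 301 Moved Permanently\r\nLocation: https://www.example.test/docs/\r\n\r\n"),
    # Relative Location: the browser reuses its own scheme, fine
    ("GET /img HTTP/1.1\r\nHost: www.example.test:443\r\nX-Forwarded-Proto: https\r\n\r\n",
     "HTTP/1.1 301 Moved Permanently\r\nLocation: /img/\r\n\r\n"),
    # Plain-HTTP client: an http:// redirect is no downgrade
    ("GET /public HTTP/1.1\r\nHost: www.example.test\r\n\r\n",
     "HTTP/1.1 301 Moved Permanently\r\nLocation: http://www.example.test/public/\r\n\r\n"),
]

def parse_head(raw):
    """Split a raw HTTP head into (start_line, {lower-cased header name: value})."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers

def downgrade_redirect(raw_request, raw_response):
    """Return the Location value if a request forwarded as https gets a 3xx
    pointing at http:// on the same host; otherwise return None."""
    _, req = parse_head(raw_request)
    status_line, resp = parse_head(raw_response)
    if req.get("x-forwarded-proto", "").lower() != "https":
        return None
    if not status_line.split()[1].startswith("3"):
        return None
    location = resp.get("location", "")
    target = urlsplit(location)
    request_host = urlsplit("//" + req.get("host", "")).hostname
    if target.scheme.lower() == "http" and target.hostname == request_host:
        return location
    return None

def find_downgrades(exchanges):
    """Return the Location of every exchange that downgrades https to http."""
    return [hit for hit in (downgrade_redirect(q, r) for q, r in exchanges) if hit]

if __name__ == "__main__":
    for hit in find_downgrades(SAMPLE_EXCHANGES):
        print("scheme downgrade:", hit)
```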



