Posted to bugs@httpd.apache.org by bu...@apache.org on 2004/08/04 15:08:14 UTC

DO NOT REPLY [Bug 30464] New: - SSL_ variables from mod_ssl not available for RewriteCond tests in mod_rewrite

http://issues.apache.org/bugzilla/show_bug.cgi?id=30464

           Summary: SSL_ variables from mod_ssl not available for
                    RewriteCond tests in mod_rewrite
           Product: Apache httpd-2.0
           Version: 2.0.50
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: Normal
          Priority: Other
         Component: mod_rewrite
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: ruediger.pluem@vodafone.com


Hi,

1. Environment:

OS: Linux
Apache: 2.0.50

2. Problem:

As I upgraded some Apache 1.3.x systems to Apache 2.0.50 I noticed that the
SSL_ variables defined by mod_ssl are no longer available for checks
with RewriteCond.

In Apache 1.3.x RewriteConds like the following delivered reasonable results:

RewriteCond %{SSL_CIPHER_USEKEYSIZE} !^[0-9][0-9][0-9]

On Apache 2.0.50 the input stays empty as the following excerpt from
the RewriteLog (Level 9) shows:

92.168.2.4 - - [04/Aug/2004:11:57:06 +0200] [www.something.de/sid#8122700][rid#818a1b0/initial] (4) RewriteCond: input='' pattern='!^[0-9][0-9][0-9]' => matched

Even after adding SSLOptions +StdEnvVars and modifying the RewriteCond to

RewriteCond %{ENV:SSL_CIPHER_USEKEYSIZE} !^[0-9][0-9][0-9]

nothing changed. The input remains empty.

3. Analysis

The root cause of this problem is that mod_ssl writes its SSL_ variables
to r->subprocess_env in its fixup handler (provided SSLOptions contains
StdEnvVars), but all fixup handlers are executed after the translate_name
handlers. On the other hand, the evaluation of the rewrite rules happens
in mod_rewrite's translate_name handler, so the variables are not available
at this point in time.

4. Solution proposal

I noticed that the documentation for mod_rewrite of Apache 2.1 points out
a special prefix for the SSL_ variables named SSL: (like ENV: for environment
variables). So the solution approach is to add a piece of code to
lookup_variable in mod_rewrite.c that checks for variable names that start with
SSL: after the check for the variables whose names start with ENV:.
The mod_ssl function ssl_var_lookup can be used to get the values for the
specific variables as it has been registered by mod_ssl with
APR_REGISTER_OPTIONAL_FN in ssl_engine_vars.c. After that it would be
possible to check the SSL_ variables in RewriteConds by prefixing the
variable name with SSL:. For example, the following RewriteCond

RewriteCond %{SSL:SSL_CIPHER_USEKEYSIZE} !^[0-9][0-9][0-9]

would be a replacement for my old (Apache 1.3.x) RewriteCond

RewriteCond %{SSL_CIPHER_USEKEYSIZE} !^[0-9][0-9][0-9]

I wrote an appropriate patch for mod_rewrite which I tested in my environment.
It worked as designed. I attach the patch.


Regards

Rüdiger Plüm
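
Added example (not part of the bug report, not the attached patch, and not httpd source): a simplified C model of the phase ordering described in the analysis, showing why the negated condition sees an empty input during translate_name and how a direct lookup behind an SSL: prefix changes the result. The request struct, run_request, cond_matches and the with_ssl_prefix toggle are hypothetical; ssl_var_lookup and lookup_variable are stand-ins that only borrow the names used in the report.

```c
/* Simplified model of the phase ordering in the report; not httpd source. */
#include <stdio.h>
#include <string.h>

typedef struct {                    /* hypothetical stand-in for request_rec */
    const char *tls_keysize;        /* TLS state, known once the handshake is done */
    const char *env_keysize;        /* subprocess_env entry, NULL until fixups run */
} request;

/* Stand-in for mod_ssl's ssl_var_lookup: reads the TLS state directly. */
static const char *ssl_var_lookup(const request *r, const char *name) {
    return strcmp(name, "SSL_CIPHER_USEKEYSIZE") == 0 ? r->tls_keysize : "";
}

/* Stand-in for mod_ssl's fixup handler with SSLOptions +StdEnvVars. */
static void ssl_fixups(request *r) { r->env_keysize = r->tls_keysize; }

/* Stand-in for lookup_variable; with_ssl_prefix enables the proposed branch. */
static const char *lookup_variable(const request *r, const char *var,
                                   int with_ssl_prefix) {
    if (strncmp(var, "ENV:", 4) == 0)
        return (strcmp(var + 4, "SSL_CIPHER_USEKEYSIZE") == 0 && r->env_keysize)
                   ? r->env_keysize : "";
    if (with_ssl_prefix && strncmp(var, "SSL:", 4) == 0)
        return ssl_var_lookup(r, var + 4);
    return "";                      /* model: unresolved name gives input='' */
}

static int digit(char c) { return c >= '0' && c <= '9'; }

/* The report's pattern !^[0-9][0-9][0-9]: true when input lacks 3 leading digits. */
static int cond_matches(const char *in) {
    return !(digit(in[0]) && digit(in[1]) && digit(in[2]));
}

/* translate_name (mod_rewrite) runs first, fixups (mod_ssl) afterwards. */
static int run_request(request *r, const char *var, int with_ssl_prefix) {
    int matched = cond_matches(lookup_variable(r, var, with_ssl_prefix));
    ssl_fixups(r);                  /* env is filled only now, too late */
    return matched;
}

int main(void) {
    request a = { "128", NULL }, b = { "128", NULL }, c = { "56", NULL };
    printf("ENV: on 128-bit -> %d\n", run_request(&a, "ENV:SSL_CIPHER_USEKEYSIZE", 0));
    printf("SSL: on 128-bit -> %d\n", run_request(&b, "SSL:SSL_CIPHER_USEKEYSIZE", 1));
    printf("SSL: on 56-bit  -> %d\n", run_request(&c, "SSL:SSL_CIPHER_USEKEYSIZE", 1));
    return 0;
}
```

In the model, a result of 1 for the 128-bit request means the key-size rule fires regardless of the negotiated cipher, which is the behaviour the RewriteLog excerpt shows.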
