You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2004/08/04 15:08:14 UTC
DO NOT REPLY [Bug 30464] New: -
SSL_ variables from mod_ssl not available for RewriteCond tests in mod_rewrite
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=30464>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=30464
SSL_ variables from mod_ssl not available for RewriteCond tests in mod_rewrite
Summary: SSL_ variables from mod_ssl not available for
RewriteCond tests in mod_rewrite
Product: Apache httpd-2.0
Version: 2.0.50
Platform: All
OS/Version: All
Status: NEW
Severity: Normal
Priority: Other
Component: mod_rewrite
AssignedTo: bugs@httpd.apache.org
ReportedBy: ruediger.pluem@vodafone.com
Hi,
1. Environment:
OS: Linux
Apache: 2.0.50
2. Problem:
As I upgraded some Apache 1.3.x systems to Apache 2.0.50 I noticed that the
SSL_ variables defined by mod_ssl are no longer available for checks
with RewriteCond.
In Apache 1.3.x RewriteConds like the following delivered reasonable results:
RewriteCond %{SSL_CIPHER_USEKEYSIZE} !^[0-9][0-9][0-9]
On Apache 2.0.50 the input stays empty as the following excerpt from
the RewriteLog (Level 9) shows:
92.168.2.4 - - [04/Aug/2004:11:57:06 +0200] [www.something.de/sid#8122700][rid#
818a1b0/initial] (4) RewriteCond: input='' pattern='!^[0-9][0-9][0-9]' => matche
d
Even after adding SSLOptions +StdEnvVars and modifying the RewriteCond to
RewriteCond %{ENV:SSL_CIPHER_USEKEYSIZE} !^[0-9][0-9][0-9]
nothing changed. The input remains empty.
3. Analysis
The root cause for this problem is that mod_ssl writes its SSL_ variables
to r->subprocess_env in its fixup handler (provided SSLOptions contains
StdEnvVars), but all fixup handlers are executed after the translate_name
handlers. On the other hand the evaluation of the rewrite rules happens
in mod_rewrites translate_name handler, so the variables are not available
at this point of time.
4. Solution proposal
I noticed that the documentation for mod_rewrite of Apache 2.1 points out
a special prefix for the SSL_ variables named SSL: (like ENV: for environment
variables). So the solution approach is to add a piece of code to
lookup_variable in mod_rewrite.c that checks for variablenames that start with
SSL: after the check for the variables which names start with ENV:.
The mod_ssl function ssl_var_lookup can be used to get the values for the
specific variables as it has been registered by mod_ssl with
APR_REGISTER_OPTIONAL_FN in ssl_engine_vars.c. After that it would be
possible to check the SSL_ variables in RewriteCond's via prefixing the
variable name with SSL:. For example the following RewriteCond
RewriteCond %{SSL:SSL_CIPHER_USEKEYSIZE} !^[0-9][0-9][0-9]
would be a replacement for my old (Apache 1.3.x) RewriteCond
RewriteCond %{SSL_CIPHER_USEKEYSIZE} !^[0-9][0-9][0-9]
I wrote an appropriate patch for mod_rewrite which I tested on my environment.
It worked as designed. I attach the patch.
Regards
Rüdiger Plüm
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org