You are viewing a plain text version of this content. The canonical link for it is here.

Posted to bugs@httpd.apache.org by bu...@apache.org on 2017/02/02 11:24:50 UTC

[Bug 59829] Detect HTTPS marker from reverse proxy

https://bz.apache.org/bugzilla/show_bug.cgi?id=59829

coladict@gmail.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
  Attachment #34024|0                           |1
        is obsolete|                            |
  Attachment #34249|0                           |1
        is obsolete|                            |

--- Comment #16 from coladict@gmail.com ---
Created attachment 34709
  --> https://bz.apache.org/bugzilla/attachment.cgi?id=34709&action=edit
Updated patch that sets SERVER_PORT and REQUEST_SCHEME

Since you correctly voiced concerns about the SERVER_PORT, I took another shot
at it, and discovered that setting it in the environment doesn't work. The
correct way was to register call ap_hook_http_scheme and ap_hook_default_port
to register overrides. Both hook functions assume are written under the
assumption you're not using mod_ssl, because you're behind a proxy.

Patch is tested on trunk 2.5 version from about 20 hours ago. Testing via
phpinfo() gives these values when NOT using HTTPS:
SERVER_PORT     80 
REQUEST_SCHEME  http 
With HTTPS not being set, while calling it through a HTTPS request gives:
HTTPS   on 
SERVER_PORT     443 
REQUEST_SCHEME  https

When I configured `SecureIndicatorSSLPort 5512` in httpd.conf, the
`SERVER_PORT` changed accordingly.

I haven't added checks for the validity of the parsed SecureIndicatorSSLPort
value, but otherwise it seems complete.

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org