You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Andrei <la...@gmail.com> on 2017/03/23 05:12:47 UTC
[users@httpd] Re: Spoofing SERVER_PORT/HTTPS env?
bump
On Thu, Mar 16, 2017 at 5:33 PM, Andrei <la...@gmail.com> wrote:
> Hello everyone,
>
> I have a setup with Varnish/Hitch in front of Apache, where Hitch proxies
> the SSL traffic to Varnish via HTTP, and Apache receives the request via
> HTTP while the client request was done via https. This local downgrade is
> due to Varnish not supporting SSL. Since there are quite a few platforms
> out there that rely on HTTPS/SERVER_PORT checks to force https redirects
> for example, I've been toying with mod_rpaf which can spoof the environment
> variables based on X headers from a defined list of IPs, but it's not
> consistent and requires disabling keepalive due to a long standing bug -
> https://github.com/gnif/mod_rpaf/issues/42. That being said, I'm trying
> to ditch mod_rpaf and spoof the variables using SetEnvIf based on a custom
> X-Header instead, which will be set by Varnish. The only problem I'm
> running in to is overriding SERVER_PORT. For example, if I have:
>
> SetEnvIf X-HTTPS "on" HTTPS=on
> SetEnvIf X-HTTPS "on" REQUEST_SCHEME=https
> SetEnvIf X-HTTPS "on" SERVER_PORT=443
>
> The above results in:
>
> root@avi [~]# curl -sH"X-HTTPS: on" http://domain.com/headers.php|egrep
> -i 'https|r_port'
> $_SERVER[HTTPS]; => on
> $_SERVER[HTTP_X_HTTPS]; => on
> $_SERVER[REQUEST_SCHEME]; => https
> $_SERVER[SERVER_PORT]; => 80
> root@avi [~]#
>
>
> While I would expect them to be:
>
> $_SERVER[HTTPS]; => on
> $_SERVER[HTTP_X_HTTPS]; => on
> $_SERVER[REQUEST_SCHEME]; => https
> $_SERVER[SERVER_PORT]; => 443
>
> If anyone knows of a different method, or module to use, I'm more than
> open to ideas. Thanks in advance!
>
>
>
Re: [users@httpd] Re: Spoofing SERVER_PORT/HTTPS env?
Posted by Andrei <la...@gmail.com>.
So there's a restriction on $_SERVER[SERVER_PORT]? Is it compiled in?
On Mar 23, 2017 14:37, "Rainer Canavan" <ra...@sevenval.com> wrote:
[...]
>> SetEnvIf X-HTTPS "on" SERVER_PORT=443
>>
>> The above results in:
[...]
>> $_SERVER[SERVER_PORT]; => 80
We had the same problem a few years ago, and went with a
workaround in the end. We're simply setting and evaluating a
different variable instead of SERVER_PORT, e.g.
OVERRIDE_SERVER_PORT, if it is set.
rainer
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
On Mar 23, 2017 14:37, "Rainer Canavan" <ra...@sevenval.com> wrote:
[...]
>> SetEnvIf X-HTTPS "on" SERVER_PORT=443
>>
>> The above results in:
[...]
>> $_SERVER[SERVER_PORT]; => 80
We had the same problem a few years ago, and went with a
workaround in the end. We're simply setting and evaluating a
different variable instead of SERVER_PORT, e.g.
OVERRIDE_SERVER_PORT, if it is set.
rainer
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Re: Spoofing SERVER_PORT/HTTPS env?
Posted by Rainer Canavan <ra...@sevenval.com>.
[...]
>> SetEnvIf X-HTTPS "on" SERVER_PORT=443
>>
>> The above results in:
[...]
>> $_SERVER[SERVER_PORT]; => 80
We had the same problem a few years ago, and went with a
workaround in the end. We're simply setting and evaluating a
different variable instead of SERVER_PORT, e.g.
OVERRIDE_SERVER_PORT, if it is set.
rainer
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org