You are viewing a plain text version of this content. The canonical link for it is here.

Posted to bugs@httpd.apache.org by bu...@apache.org on 2017/01/06 12:08:22 UTC

[Bug 60558] New: %{HTTPS} and %{REQUEST_SCHEME} sometimes inconsistent

https://bz.apache.org/bugzilla/show_bug.cgi?id=60558

            Bug ID: 60558
           Summary: %{HTTPS} and %{REQUEST_SCHEME} sometimes inconsistent
           Product: Apache httpd-2
           Version: 2.4.25
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: minor
          Priority: P2
         Component: mod_rewrite
          Assignee: bugs@httpd.apache.org
          Reporter: schwarz@rz.uni-kiel.de
  Target Milestone: ---

Created attachment 34598
  --> https://bz.apache.org/bugzilla/attachment.cgi?id=34598&action=edit
minimal httpd configuration to exhibit bug

With the attached example.conf, I get situations where the variable %{HTTPS} is
"on", but the variable %{REQUEST_SCHEME} is "http", not "https".

To reproduce:
bin/httpd -f example.conf
(please provide dummy certificate pair; you may also need to LoadModule your
MPM of choice)

wget --no-check-certificate --server-response -O- http://localhost
yields
Location: [...]?port=80&scheme=http&https=off
as expected, while
wget --no-check-certificate --server-response -O- https://localhost
yields
Location: [...]?port=443&scheme=http&https=on

If disabling UseCanonicalPhysicalPort, you get port=80 in the second case as
well. A simple workaround is to not use %{REQUEST_SCHEME} at all but instead
set  an environment variable by inspecting %{HTTPS} and use that.


(I realize that having a single VirtualHost definition for ports 80 and 443 in
the way shown here probably only works by accident, not design, but it does
that from at least 2.2.3 up to 2.4.25 and provides the much-desired possibility
to avoid duplicating the entire content of the definition. Still, I guess "we
will make that use-case fail" would "fix" it.)

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

[Bug 60558] %{HTTPS} and %{REQUEST_SCHEME} sometimes inconsistent

Posted by bu...@apache.org.

https://bz.apache.org/bugzilla/show_bug.cgi?id=60558

Ulrich Schwarz <sc...@rz.uni-kiel.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |schwarz@rz.uni-kiel.de

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

[Bug 60558] %{HTTPS} and %{REQUEST_SCHEME} sometimes inconsistent

Posted by bu...@apache.org.

https://bz.apache.org/bugzilla/show_bug.cgi?id=60558

Szőgyényi Gábor <sz...@freemail.hu> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |szg0000@freemail.hu

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org