[email protected]
[Top] [All Lists]

Bug#514005: marked as forwarded (mod_gnutls: HTTPS server variable set

Subject: Bug#514005: marked as forwarded mod_gnutls: HTTPS server variable set incorrectly for mod_rewrite's RewriteCond
From: Debian Bug Tracking System
Date: Tue, 10 Feb 2009 17:03:06 +0000
Your message dated Tue, 10 Feb 2009 09:00:27 -0800
with message-id <[email protected]>
has caused the   report #514005,
regarding mod_gnutls: HTTPS server variable set incorrectly for mod_rewrite's 
RewriteCond
to be marked as having been forwarded to the upstream software
author(s) [email protected]

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
514005: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514005
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Subject: mod_gnutls: HTTPS server variable set incorrectly for mod_rewrite's RewriteCond
From: Jack Bates
Date: Tue, 10 Feb 2009 09:00:27 -0800
Sander Marechal reports that mod_rewrite does not find the value "on" in
the %{HTTPS} server variable when HTTPS is enabled with mod_gnutls:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514005

I confirmed that this behavior still exists in mod_gnutls trunk revision
404. I used this RewriteRule to copy the %{HTTPS} server variable to an
environment variable:

RewriteRule . - [E=FOO:%{HTTPS}]

Here is my httpd.conf:
http://cgi.sfu.ca/~jdbates/tmp/mod-gnutls/200902070/httpd.conf

Then I used this CGI to echo the environment variables:
http://cgi.sfu.ca/~jdbates/tmp/mod-gnutls/200902070/index.cgi

I used wget to get the output of this CGI:

$ wget https://localhost:8080/index.cgi --no-check-certificate

- here it is: http://cgi.sfu.ca/~jdbates/tmp/mod-gnutls/200902070/wget

Notice that while the value of the "HTTPS" environment variable is "on",
the value of the "FOO" environment variable (which is where I copied the
value of the %{HTTPS} server variable with mod_rewrite) is "off"

On Tue, 2009-02-03 at 12:09 +0100, Sander Marechal wrote:
> Package: libapache2-mod-gnutls
> Version: 0.5.1-1
> Severity: normal
> File: mod_gnutls
> 
> 
> mod_gnutls does not set the HTTPS server variable correctly for mod_rewrite. 
> Note that this
> appears to be a different variable than the HTTPS environment variable.
> 
> I have mod_gnutls loaded on my server and I have a simple rewrite rule to 
> redirect HTTPS POST calls
> on my non-SSL protected site to my SSL protected site, like so:
> 
>       RewriteEngine On
>       RewriteCond %{REQUEST_METHOD} ^POST$
>       RewriteCond %{HTTPS} ^off$
>       RewriteRule ^xmlrpc(.*)$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L,QSA]
> 
> Here is the output of ModRewrite with RewriteLogLevel 5. Note that the 
> contents of %{HTTPS}
> is "off". Apparently mod_gnutls does not set this variable.
> 
> 192.168.1.2 - - [03/Feb/2009:11:56:09 +0100] 
> [odf-shots.jejik.com/sid#fb5bb0][rid#12dd688/initial] (2) init rewrite engine 
> with requested uri 
> /xmlrpc
> 192.168.1.2 - - [03/Feb/2009:11:56:09 +0100] 
> [odf-shots.jejik.com/sid#fb5bb0][rid#12dd688/initial] (1) pass through /xmlrpc
> 192.168.1.2 - - [03/Feb/2009:11:56:09 +0100] 
> [odf-shots.jejik.com/sid#fb5bb0][rid#12dd688/initial] (3) [perdir 
> /home/sander/projects/odf-shots/trunk/server/www/app/webroot/] strip per-dir 
> prefix: 
> /home/sander/projects/odf-shots/trunk/server/www/app/webroot/xmlrpc -> xmlrpc
> 192.168.1.2 - - [03/Feb/2009:11:56:09 +0100] 
> [odf-shots.jejik.com/sid#fb5bb0][rid#12dd688/initial] (3) [perdir 
> /home/sander/projects/odf-shots/trunk/server/www/app/webroot/] applying 
> pattern '^xmlrpc(.*)$' to uri 'xmlrpc'
> 192.168.1.2 - - [03/Feb/2009:11:56:09 +0100] 
> [odf-shots.jejik.com/sid#fb5bb0][rid#12dd688/initial] (4) [perdir 
> /home/sander/projects/odf-shots/trunk/server/www/app/webroot/] RewriteCond: 
> input='POST' pattern='^POST$' => matched
> 
> # Here is the culprit
> 192.168.1.2 - - [03/Feb/2009:11:56:09 +0100] 
> [odf-shots.jejik.com/sid#fb5bb0][rid#12dd688/initial] (4) [perdir 
> /home/sander/projects/odf-shots/trunk/server/www/app/webroot/] RewriteCond: 
> input='off' pattern='^off$' => matched
> 
> 192.168.1.2 - - [03/Feb/2009:11:56:09 +0100] 
> [odf-shots.jejik.com/sid#fb5bb0][rid#12dd688/initial] (2) [perdir 
> /home/sander/projects/odf-shots/trunk/server/www/app/webroot/] rewrite 
> 'xmlrpc' -> 'https://odf-shots.jejik.com/xmlrpc'
> 192.168.1.2 - - [03/Feb/2009:11:56:09 +0100] 
> [odf-shots.jejik.com/sid#fb5bb0][rid#12dd688/initial] (2) [perdir 
> /home/sander/projects/odf-shots/trunk/server/www/app/webroot/] explicitly 
> forcing redirect with https://odf-shots.jejik.com/xmlrpc
> 192.168.1.2 - - [03/Feb/2009:11:56:09 +0100] 
> [odf-shots.jejik.com/sid#fb5bb0][rid#12dd688/initial] (1) [perdir 
> /home/sander/projects/odf-shots/trunk/server/www/app/webroot/] escaping 
> https://odf-shots.jejik.com/xmlrpc for redirect
> 192.168.1.2 - - [03/Feb/2009:11:56:09 +0100] 
> [odf-shots.jejik.com/sid#fb5bb0][rid#12dd688/initial] (1) [perdir 
> /home/sander/projects/odf-shots/trunk/server/www/app/webroot/] redirect to 
> https://odf-shots.jejik.com/xmlrpc?XDEBUG_SESSION_START=1 [REDIRECT/302]
> 
> 
> The contents of %{HTTPS} should have been set to "on" by mod_gnutls.
> 
> -- System Information:
> Debian Release: 5.0
>   APT prefers testing
>   APT policy: (500, 'testing')
> Architecture: amd64 (x86_64)
> 
> Kernel: Linux 2.6.25-2-amd64 (SMP w/4 CPU cores)
> Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/bash
> 
> Versions of packages libapache2-mod-gnutls depends on:
> ii  libc6                         2.7-18     GNU C Library: Shared libraries
> ii  libgnutls26                   2.4.2-4    the GNU TLS library - runtime 
> libr
> 
> libapache2-mod-gnutls recommends no packages.
> 
> libapache2-mod-gnutls suggests no packages.
> 
> -- no debconf information
> 
> 
> 


--- End Message ---
<Prev in Thread] Current Thread [Next in Thread>
  • Bug#514005: marked as forwarded (mod_gnutls: HTTPS server variable set incorrectly for mod_rewrite's RewriteCond), Debian Bug Tracking System <=