Bug #1499

HTTPS env var should be "on" when using mod_extforward and the X-Forwarded-Proto header is set.

Added by Anonymous over 7 years ago. Updated about 2 months ago.

Status:ReopenedStart date:
Priority:NormalDue date:
Assignee:-% Done:

0%

Category:-
Target version:1.4.x
Missing in 1.5.x:

Description

mod_extforward should parse the "X-Forwarded-Proto" header. If it is equal to "https", this should be stored in the connection variable somewhere (i.e. the is_ssl variable should be set to 1). However, simply setting is_ssl to 1 breaks the server, so there should be another way to make mod_fastcgi set the HTTPS environment variable.

-- Thomas Steinacher <tom

extforward-proto.patch Magnifier - Here is an incomplete and ugly patch which solves the problem for fastcgi by introducing an is_proxy_ssl variable. -- Thomas Steinacher <tom (1.99 KB) Anonymous, 2007-12-31 19:48

History

#1 Updated by glen over 7 years ago

  • Status changed from New to Fixed
  • Resolution set to fixed

Committed revision r2052

#2 Updated by transacid 3 months ago

  • Status changed from Fixed to Reopened
  • Target version deleted (1.4.19)

this is not fixed (I'm on 1.4.31-4+deb7u3)

GET / HTTP/1.1
Host: example.com
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:38.0) Gecko/20100101 Firefox/38.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: _pk_id.2.9fb9=cd6f3dc8e22665d5.1427806151.5.1432309044.1432303252.; _pk_ses.2.9fb9=*
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
X-Forwarded-Proto: https
Strict-Transport-Security: max-age=10886400; includeSubDomains; preload
X-SSL-cipher: TLSv1.2/ECDHE-RSA-AES256-SHA SSLv3 Kx=ECDH Au=RSA Enc=AES Mac=SHA1
X-Forwarded-For: X.X.X.X

2015-05-22 17:49:11: (response.c.241) run condition
2015-05-22 17:49:11: (configfile-glue.c.583) === start of condition block ===
2015-05-22 17:49:11: (configfile-glue.c.273) 10 global/HTTPscheme==https nej
8<--------
2015-05-22 17:49:11: (configfile-glue.c.471) HTTP["scheme"] ( http ) compare to https
2015-05-22 17:49:11: (configfile-glue.c.534) 1 (uncached) result: false
2015-05-22 17:49:11: (configfile-glue.c.583) === start of condition block ===
2015-05-22 17:49:11: (configfile-glue.c.235) go parent global/HTTPscheme==https
2015-05-22 17:49:11: (configfile-glue.c.541) 1 (cached) result: false
2015-05-22 17:49:11: (configfile-glue.c.534) 2 (uncached) result: false
2015-05-22 17:49:11: (configfile-glue.c.583) === start of condition block ===
2015-05-22 17:49:11: (configfile-glue.c.471) HTTP["scheme"] ( http ) compare to http
2015-05-22 17:49:11: (configfile-glue.c.534) 3 (uncached) result: true
8<--------

#3 Updated by stbuehler about 2 months ago

  • Description updated (diff)
  • Category deleted (mod_extforward)
  • Target version set to 1.4.x

Also available in: Atom