Bug #2288

closed

Directory trailing-slash redirect should respect X-Forwarded-Proto header

Added by derekp about 13 years ago. Updated almost 8 years ago.

Status: Fixed
Priority: Normal
Category: core
Target version: -

Description

Scenario:
  • LighTTPD, with mod_extforward configured, is sitting behind a reverse proxy
  • User agent requests https://some.server/some/dir
  • The reverse proxy terminates SSL and inserts an X-Forwarded-For: https header into the plaintext request to LighTTPD

LighTTPD should respond with a redirect to https://some.server/some/dir/, but instead redirects to http://some.server/some/dir/. As in Issue #1499, when the X-Forwarded-For: https header is present, LighTTPD should pretend to serve an HTTPS request in every way except doing the actual encryption.

Here's the offending excerpt from http_response_redirect_to_directory(...) (in src/http-header-glue.c):

    if (con->conf.is_ssl) {
        buffer_copy_string(o, "https://");
    } else {
        buffer_copy_string(o, "http://");
    }

It should be more like this excerpt from src/mod_fastcgi.c:

    if (srv_sock->is_ssl || srv_sock->is_proxy_ssl) {
        FCGI_ENV_ADD_CHECK(fcgi_env_add(p->fcgi_env, CONST_STR_LEN("HTTPS"), CONST_STR_LEN("on")),con)
    }
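
The behaviour requested in the description, as an added example that is not lighttpd source and not part of the original report: the redirect scheme follows the forwarded protocol, but only when the request arrived from a configured proxy. `struct conn`, `apply_forwarded_proto`, `dir_redirect_location` and `ieq` are hypothetical names; only the `is_ssl` / `is_proxy_ssl` flag names come from the excerpts above, and the header name is the `X-Forwarded-Proto` of the issue title.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the per-connection state in the excerpts above. */
struct conn {
    int is_ssl;        /* TLS terminated by this server */
    int is_proxy_ssl;  /* TLS terminated by a trusted reverse proxy */
};

/* Case-insensitive string equality. */
static int ieq(const char *a, const char *b) {
    while (*a && *b && tolower((unsigned char)*a) == tolower((unsigned char)*b)) { a++; b++; }
    return *a == *b;
}

/* Accept the forwarded scheme only when the peer is a configured proxy;
 * a header sent by an arbitrary client must not change the scheme. */
static void apply_forwarded_proto(struct conn *c, int peer_is_trusted_proxy,
                                  const char *x_forwarded_proto) {
    c->is_proxy_ssl = peer_is_trusted_proxy && x_forwarded_proto != NULL
                      && ieq(x_forwarded_proto, "https");
}

/* Build the Location value for a directory trailing-slash redirect.
 * Returns 0 on success, -1 on invalid input or if the result does not fit. */
static int dir_redirect_location(const struct conn *c, const char *host,
                                 const char *path, char *out, size_t outlen) {
    const char *scheme = (c->is_ssl || c->is_proxy_ssl) ? "https" : "http";
    int n;
    if (!host || !path || path[0] != '/') return -1;
    /* Refuse CR/LF so the value cannot split the response header. */
    if (strpbrk(host, "\r\n") || strpbrk(path, "\r\n")) return -1;
    n = snprintf(out, outlen, "%s://%s%s%s", scheme, host, path,
                 path[strlen(path) - 1] == '/' ? "" : "/");
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void) {
    struct conn c = { 0, 0 };
    char loc[256];
    apply_forwarded_proto(&c, 1, "https");  /* constructed sample request */
    if (dir_redirect_location(&c, "some.server", "/some/dir", loc, sizeof loc) == 0)
        printf("Location: %s\n", loc);
    return 0;
}
```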

Actions #1

Updated by gstrauss about 8 years ago

  • Status changed from New to Fixed
  • Target version set to 1.4.x

fixed in 05858f6c

commit 05858f6cf2d93f49c8995aed05e79b7bc68538b3
Author: Stefan Bühler <stbuehler@web.de>
Date:   Wed Jul 31 20:23:21 2013 +0000

Actions #2

Updated by stbuehler almost 8 years ago

  • Target version deleted (1.4.x)