Bug #2839
closed1.4.47 conditional log - HTTP scheme issue
Description
I am noticing an odd behavior with the Lighttpd conditional error log between versions 1.4.45 vs 1.4.47.
When parsing the config below it produces slightly different results. The 1.4.47 has the separate module "mod_openssl" and maybe that is the reason?
In version 1.4.47, the "Scheme" conditional is showing as: "10 global/HTTPscheme==http not available yet"
and then mid way it shows: "HTTP["scheme"] ( https ) compare to http"
but this is out of order from the config conditional ordering.
Is this behavior expected?
=====================================================================================
$HTTP["scheme"] == "http" {
url.rewrite-once = ( ".*" => "index.php" )
}
$HTTP["remoteip"] =~ ".*" {
$SERVER["socket"] == "0.0.0.0:8443" {
ssl.engine = "enable"
ssl.pemfile = "/var/unbound/cert.pem"
}
$SERVER["socket"] == "10.10.10.1:443" {
ssl.engine = "enable"
ssl.pemfile = "/var/unbound/cert.pem"
}
$HTTP["host"] =~ ".*" {
url.rewrite-once = ( ".*" => "index.php" )
}
}
=====================================================================================
lighttpd/1.4.45 (ssl) - a light and fast webserver
Build-Date: Apr 3 2017 21:02:42
FreeBSD 11.0
2017-11-12 23:45:15: (log.c.217) server started
2017-11-12 23:45:22: (configfile-glue.c.694) === start of condition block ===
2017-11-12 23:45:22: (configfile-glue.c.557) HTTP["scheme"] ( https ) compare to http
2017-11-12 23:45:22: (configfile-glue.c.615) 1 (uncached) result: false
2017-11-12 23:45:22: (configfile-glue.c.694) === start of condition block ===
2017-11-12 23:45:22: (configfile-glue.c.557) HTTP["remoteip"] ( 192.168.1.65 ) compare to .*
2017-11-12 23:45:22: (configfile-glue.c.615) 2 (uncached) result: true
2017-11-12 23:45:22: (configfile-glue.c.694) === start of condition block ===
2017-11-12 23:45:22: (configfile-glue.c.350) go parent global/HTTPremoteip=~.*
2017-11-12 23:45:22: (configfile-glue.c.622) 2 (cached) result: true
2017-11-12 23:45:22: (configfile-glue.c.557) SERVER["socket"] ( 0.0.0.0:8443 ) compare to 0.0.0.0:8443
2017-11-12 23:45:22: (configfile-glue.c.615) 3 (uncached) result: true
2017-11-12 23:45:22: (configfile-glue.c.694) === start of condition block ===
2017-11-12 23:45:22: (configfile-glue.c.350) go parent global/HTTPremoteip=~.*
2017-11-12 23:45:22: (configfile-glue.c.622) 2 (cached) result: true
2017-11-12 23:45:22: (configfile-glue.c.557) SERVER["socket"] ( 0.0.0.0:8443 ) compare to 10.10.10.1:443
2017-11-12 23:45:22: (configfile-glue.c.615) 4 (uncached) result: false
2017-11-12 23:45:22: (configfile-glue.c.694) === start of condition block ===
2017-11-12 23:45:22: (configfile-glue.c.350) go parent global/HTTPremoteip=~.*
2017-11-12 23:45:22: (configfile-glue.c.622) 2 (cached) result: true
2017-11-12 23:45:22: (configfile-glue.c.557) HTTP["host"] ( example.com ) compare to .*
2017-11-12 23:45:22: (configfile-glue.c.615) 5 (uncached) result: true
=====================================================================================
lighttpd/1.4.47 (ssl) - a light and fast webserver
FreeBSD 11.1
2017-11-12 23:43:42: (configfile-glue.c.677) === start of condition block ===
2017-11-12 23:43:42: (configfile-glue.c.385) 10 global/HTTPscheme==http not available yet
2017-11-12 23:43:42: (configfile-glue.c.589) 1 (uncached) result: unset
2017-11-12 23:43:42: (configfile-glue.c.677) === start of condition block ===
2017-11-12 23:43:42: (configfile-glue.c.531) HTTP["remoteip"] ( 192.168.1.65 ) compare to .*
2017-11-12 23:43:42: (configfile-glue.c.589) 2 (uncached) result: true
2017-11-12 23:43:42: (configfile-glue.c.677) === start of condition block ===
2017-11-12 23:43:42: (configfile-glue.c.342) go parent global/HTTPremoteip=~.*
2017-11-12 23:43:42: (configfile-glue.c.596) 2 (cached) result: true
2017-11-12 23:43:42: (configfile-glue.c.531) SERVER["socket"] ( 0.0.0.0:8443 ) compare to 0.0.0.0:8443
2017-11-12 23:43:42: (configfile-glue.c.589) 3 (uncached) result: true
2017-11-12 23:43:42: (configfile-glue.c.677) === start of condition block ===
2017-11-12 23:43:42: (configfile-glue.c.342) go parent global/HTTPremoteip=~.*
2017-11-12 23:43:42: (configfile-glue.c.596) 2 (cached) result: true
2017-11-12 23:43:42: (configfile-glue.c.531) SERVER["socket"] ( 0.0.0.0:8443 ) compare to 10.10.10.2:443
2017-11-12 23:43:42: (configfile-glue.c.589) 4 (uncached) result: false
2017-11-12 23:43:42: (configfile-glue.c.677) === start of condition block ===
2017-11-12 23:43:42: (configfile-glue.c.342) go parent global/HTTPremoteip=~.*
2017-11-12 23:43:42: (configfile-glue.c.596) 2 (cached) result: true
2017-11-12 23:43:42: (configfile-glue.c.385) 3 global/HTTPremoteip=~.*/HTTPhost=~.* not available yet
2017-11-12 23:43:42: (configfile-glue.c.589) 5 (uncached) result: unset
2017-11-12 23:43:43: (configfile-glue.c.677) === start of condition block ===
2017-11-12 23:43:43: (configfile-glue.c.531) HTTP["scheme"] ( https ) compare to http
2017-11-12 23:43:43: (configfile-glue.c.589) 1 (uncached) result: false
2017-11-12 23:43:43: (configfile-glue.c.677) === start of condition block ===
2017-11-12 23:43:43: (configfile-glue.c.596) 2 (cached) result: true
2017-11-12 23:43:43: (configfile-glue.c.677) === start of condition block ===
2017-11-12 23:43:43: (configfile-glue.c.596) 3 (cached) result: true
2017-11-12 23:43:43: (configfile-glue.c.677) === start of condition block ===
2017-11-12 23:43:43: (configfile-glue.c.596) 4 (cached) result: false
2017-11-12 23:43:43: (configfile-glue.c.677) === start of condition block ===
2017-11-12 23:43:43: (configfile-glue.c.342) go parent global/HTTPremoteip=~.*
2017-11-12 23:43:43: (configfile-glue.c.596) 2 (cached) result: true
2017-11-12 23:43:43: (configfile-glue.c.531) HTTP["host"] ( example.com ) compare to .*
2017-11-12 23:43:43: (configfile-glue.c.589) 5 (uncached) result: true
Updated by gstrauss over 6 years ago
- Status changed from New to Invalid
- Target version deleted (
1.4.x)
Please post questions in the forums, not as (invalid) bug reports.
https://redmine.lighttpd.net/projects/lighttpd/boards/2
Yes, this is expected behavior and due to mod_openssl hook being applied at the socket connection level, before any application-level request has been read, before the (decoded) request-line and request headers are read, and so before any scheme is known.
Also available in: Atom