Project

General

Profile

Actions

Bug #2863

closed

$_SERVER['HTTPS'] showing "on" despite not being a HTTPS request

Added by patryk about 6 years ago. Updated about 6 years ago.

Status:
Duplicate
Priority:
Normal
Category:
-
Target version:
ASK QUESTIONS IN Forums:

Description

Hi!

we have a Lighttpd + PHP-FPM setup and getting sometimes non-https requests but the $_SERVER['HTTPS'] global variable in PHP is showing "on". I'm not able to reproduce it, it happens from time to time - but if it happens it stays this way. All our vhosts on this server are then affected by that problem. We don't have any proxy/routing/load-balancing setup.

Lighttpd version is 1.4.31-4+deb7u5 (Debian Wheezy package). The header somehow gets "corrected" when i access a different vhost via a mod_proxy forwarded request... it feels like "HTTPS" gets cached and then fixed.

I searched the the issue tracker and checked the changelogs of newer Lighttpd versions. The only issue i found that might be somehow related is https://redmine.lighttpd.net/issues/1499 but i'm not really sure... or could this be an PHP issue (running 5.5.38-1~dotdeb+7.1)?

Thanks!

Cheers,
Patryk

Actions #1

Updated by gstrauss about 6 years ago

  • Status changed from New to Duplicate

Sorry. We can't accept bugs from distros whose lighttpd package maintainers do not responsibly take bug fixes into their "maintained" distros.
Also, Wheezy is so old it is no longer maintained by Debian.

What you are seeing was probably fixed almost two years ago in #1499.

Please don't report bugs in ANCIENT versions of the software. Try a modern version of lighttpd and see if you still have an issue. If you do, then please report it.

Actions

Also available in: Atom