Actions
Bug #2830
closed1.4.46 regression: $SERVER["socket"] matches when it shouldn't
ASK QUESTIONS IN Forums:
Description
i had such config fragment:
# redirect plain http $SERVER["socket"] == ":80" { $HTTP["host"] == "example.net" { url.redirect = ( "^/git/(.*)" => "https://example.net/$1", "^/(.*)" => "https://example.net/$1", ) } } $HTTP["host"] == "example.net" { server.document-root = "/var/www", }
and upgrading 1.4.45 > 1.4.46 resulted redirect loop (redirecting http>https; https->https; https->https; https->https....)
the fix is simple, use this check instead:
$HTTP["scheme"] == "http" {
as documented: https://redmine.lighttpd.net/projects/lighttpd/wiki/HowToRedirectHttpToHttps
however i consider it regression, should at least mentioned somewhere.
Updated by stbuehler about 7 years ago
$SERVER["socket"] == ":80"
shouldn't match https on port 443, we should fix that instead of documenting it :)
Updated by stbuehler about 7 years ago
- Has duplicate Bug #2831: Authentication setting bug in 1.4.46 added
Updated by stbuehler about 7 years ago
- Subject changed from 1.4.46 regression: $SERVER["socket"] test for http/https redirect fails to 1.4.46 regression: $SERVER["socket"] matches when it shouldn't
Updated by stbuehler about 7 years ago
- Priority changed from Normal to High
- Target version changed from 1.4.x to 1.4.47
Updated by gstrauss about 7 years ago
- Category set to core
- Status changed from New to Patch Pending
I am testing this now: The address string needs to be normalized with the port. (The port was missing)
[edited]
--- a/src/network.c +++ b/src/network.c @@ -205,7 +205,14 @@ static int network_server_init(server *srv, buffer *host_token, size_t sidx, int srv_socket->is_ssl = s->ssl_enabled; srv_socket->srv_token = buffer_init(); - sock_addr_inet_ntop_copy_buffer(srv_socket->srv_token, &srv_socket->addr); + if (addr.plain.sa_family == AF_INET6) buffer_append_string_len(srv_socket->srv_token, CONST_STR_LEN("[")); + sock_addr_inet_ntop_append_buffer(srv_socket->srv_token, &srv_socket->addr); + if (addr.plain.sa_family == AF_INET6) buffer_append_string_len(srv_socket->srv_token, CONST_STR_LEN("]")); + if (addr.plain.sa_family != AF_UNIX) { + port = addr.plain.sa_family == AF_INET ? ntohs(addr.ipv4.sin_port) : ntohs(addr.ipv6.sin6_port); + buffer_append_string_len(srv_socket->srv_token, CONST_STR_LEN(":")); + buffer_append_int(srv_socket->srv_token, port); + } /* update host_token (dc->string) for consistent string comparison in lighttpd.conf conditions */ buffer_copy_buffer(host_token, srv_socket->srv_token);
Updated by gstrauss about 7 years ago
- Status changed from Patch Pending to Fixed
- % Done changed from 0 to 100
Applied in changeset 585206616d867c3bd3171331bf63cdadd8e5093d.
Actions
Also available in: Atom