[Modules] mod_gnutls: HTTPS server variable set incorrectly for mod_rewrite's RewriteCond

Jack Bates ms419 at freezone.co.uk
Tue Feb 10 12:00:27 EST 2009


Sander Marechal reports that mod_rewrite does not find the value "on" in
the %{HTTPS} server variable when HTTPS is enabled with mod_gnutls:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514005

I confirmed that this behavior still exists in mod_gnutls trunk revision
404. I used this RewriteRule to copy the %{HTTPS} server variable to an
environment variable:

RewriteRule . - [E=FOO:%{HTTPS}]

Here is my httpd.conf:
http://cgi.sfu.ca/~jdbates/tmp/mod-gnutls/200902070/httpd.conf

Then I used this CGI to echo the environment variables:
http://cgi.sfu.ca/~jdbates/tmp/mod-gnutls/200902070/index.cgi

I used wget to get the output of this CGI:

$ wget https://localhost:8080/index.cgi --no-check-certificate

- here it is: http://cgi.sfu.ca/~jdbates/tmp/mod-gnutls/200902070/wget

Notice that while the value of the "HTTPS" environment variable is "on",
the value of the "FOO" environment variable (which is where I copied the
value of the %{HTTPS} server variable with mod_rewrite) is "off".

On Tue, 2009-02-03 at 12:09 +0100, Sander Marechal wrote:
> Package: libapache2-mod-gnutls
> Version: 0.5.1-1
> Severity: normal
> File: mod_gnutls
> 
> 
> mod_gnutls does not set the HTTPS server variable correctly for mod_rewrite. Note that this
> appears to be a different variable than the HTTPS environment variable.
> 
> I have mod_gnutls loaded on my server and I have a simple rewrite rule to redirect HTTPS POST calls
> on my non-SSL protected site to my SSL protected site, like so:
> 
> 	RewriteEngine On
> 	RewriteCond %{REQUEST_METHOD} ^POST$
> 	RewriteCond %{HTTPS} ^off$
> 	RewriteRule ^xmlrpc(.*)$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L,QSA]
> 
> Here is the output of ModRewrite with RewriteLogLevel 5. Note that the contents of %{HTTPS}
> are "off". Apparently mod_gnutls does not set this variable.
> 
> 192.168.1.2 - - [03/Feb/2009:11:56:09 +0100] [odf-shots.jejik.com/sid#fb5bb0][rid#12dd688/initial] (2) init rewrite engine with requested uri /xmlrpc
> 192.168.1.2 - - [03/Feb/2009:11:56:09 +0100] [odf-shots.jejik.com/sid#fb5bb0][rid#12dd688/initial] (1) pass through /xmlrpc
> 192.168.1.2 - - [03/Feb/2009:11:56:09 +0100] [odf-shots.jejik.com/sid#fb5bb0][rid#12dd688/initial] (3) [perdir /home/sander/projects/odf-shots/trunk/server/www/app/webroot/] strip per-dir prefix: /home/sander/projects/odf-shots/trunk/server/www/app/webroot/xmlrpc -> xmlrpc
> 192.168.1.2 - - [03/Feb/2009:11:56:09 +0100] [odf-shots.jejik.com/sid#fb5bb0][rid#12dd688/initial] (3) [perdir /home/sander/projects/odf-shots/trunk/server/www/app/webroot/] applying pattern '^xmlrpc(.*)$' to uri 'xmlrpc'
> 192.168.1.2 - - [03/Feb/2009:11:56:09 +0100] [odf-shots.jejik.com/sid#fb5bb0][rid#12dd688/initial] (4) [perdir /home/sander/projects/odf-shots/trunk/server/www/app/webroot/] RewriteCond: input='POST' pattern='^POST$' => matched
> 
> # Here is the culprit
> 192.168.1.2 - - [03/Feb/2009:11:56:09 +0100] [odf-shots.jejik.com/sid#fb5bb0][rid#12dd688/initial] (4) [perdir /home/sander/projects/odf-shots/trunk/server/www/app/webroot/] RewriteCond: input='off' pattern='^off$' => matched
> 
> 192.168.1.2 - - [03/Feb/2009:11:56:09 +0100] [odf-shots.jejik.com/sid#fb5bb0][rid#12dd688/initial] (2) [perdir /home/sander/projects/odf-shots/trunk/server/www/app/webroot/] rewrite 'xmlrpc' -> 'https://odf-shots.jejik.com/xmlrpc'
> 192.168.1.2 - - [03/Feb/2009:11:56:09 +0100] [odf-shots.jejik.com/sid#fb5bb0][rid#12dd688/initial] (2) [perdir /home/sander/projects/odf-shots/trunk/server/www/app/webroot/] explicitly forcing redirect with https://odf-shots.jejik.com/xmlrpc
> 192.168.1.2 - - [03/Feb/2009:11:56:09 +0100] [odf-shots.jejik.com/sid#fb5bb0][rid#12dd688/initial] (1) [perdir /home/sander/projects/odf-shots/trunk/server/www/app/webroot/] escaping https://odf-shots.jejik.com/xmlrpc for redirect
> 192.168.1.2 - - [03/Feb/2009:11:56:09 +0100] [odf-shots.jejik.com/sid#fb5bb0][rid#12dd688/initial] (1) [perdir /home/sander/projects/odf-shots/trunk/server/www/app/webroot/] redirect to https://odf-shots.jejik.com/xmlrpc?XDEBUG_SESSION_START=1 [REDIRECT/302]
> 
> 
> The contents of %{HTTPS} should have been set to "on" by mod_gnutls.
> 
> -- System Information:
> Debian Release: 5.0
>   APT prefers testing
>   APT policy: (500, 'testing')
> Architecture: amd64 (x86_64)
> 
> Kernel: Linux 2.6.25-2-amd64 (SMP w/4 CPU cores)
> Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/bash
> 
> Versions of packages libapache2-mod-gnutls depends on:
> ii  libc6                         2.7-18     GNU C Library: Shared libraries
> ii  libgnutls26                   2.4.2-4    the GNU TLS library - runtime libr
> 
> libapache2-mod-gnutls recommends no packages.
> 
> libapache2-mod-gnutls suggests no packages.
> 
> -- no debconf information
> 
> 
> 
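
Added example (not part of the original message, and not code from mod_gnutls or mod_rewrite): a Python pass over RewriteLog records in the format quoted above that flags clients repeatedly redirected to the https URL of the same host and URI after a RewriteCond matched on input 'off', the pattern visible in the quoted log. The sample records, host name, paths and threshold are constructed, and each record is assumed to sit on one line.

```python
import re
from collections import Counter, defaultdict

# Constructed sample records (placeholder host and paths), one per line.
_A = "192.0.2.10 - - [03/Feb/2009:11:56:09 +0100] [www.example.test/sid#aa01]"
_B = "192.0.2.11 - - [03/Feb/2009:11:56:12 +0100] [www.example.test/sid#aa01]"
SAMPLE_LOG = "\n".join([
    _A + "[rid#1001/initial] (2) init rewrite engine with requested uri /xmlrpc",
    _A + "[rid#1001/initial] (4) [perdir /srv/www/] RewriteCond: input='off' pattern='^off$' => matched",
    _A + "[rid#1001/initial] (1) [perdir /srv/www/] redirect to https://www.example.test/xmlrpc [REDIRECT/302]",
    _A + "[rid#1002/initial] (2) init rewrite engine with requested uri /xmlrpc",
    _A + "[rid#1002/initial] (4) [perdir /srv/www/] RewriteCond: input='off' pattern='^off$' => matched",
    _A + "[rid#1002/initial] (1) [perdir /srv/www/] redirect to https://www.example.test/xmlrpc?x=1 [REDIRECT/302]",
    _B + "[rid#2001/initial] (2) init rewrite engine with requested uri /index.html",
    _B + "[rid#2001/initial] (4) [perdir /srv/www/] RewriteCond: input='GET' pattern='^POST$' => not-matched",
])

RECORD = re.compile(r"^(?P<client>\S+) \S+ \S+ \[[^\]]+\] \[(?P<vhost>[^/\]]+)/sid#\w+\]"
                    r"\[rid#(?P<rid>\w+)/[^\]]+\] \(\d\) (?P<msg>.*)$")
INIT = re.compile(r"init rewrite engine with requested uri (\S+)")
COND = re.compile(r"RewriteCond: input='(.*?)' pattern='(.*?)' => (matched|not-matched)")
REDIR = re.compile(r"redirect to (\S+) \[REDIRECT/\d+\]")

def summarize(log_text):
    """Group RewriteLog records by request id (rid)."""
    reqs = defaultdict(lambda: dict(client=None, vhost=None, uri=None, conds=[], redirect=None))
    for line in log_text.splitlines():
        m = RECORD.match(line)
        if not m:
            continue  # wrapped or foreign line
        r = reqs[m["rid"]]
        r["client"], r["vhost"], msg = m["client"], m["vhost"], m["msg"]
        if (hit := INIT.search(msg)):
            r["uri"] = hit[1]
        elif (hit := COND.search(msg)):
            r["conds"].append((hit[1], hit[2], hit[3] == "matched"))
        elif (hit := REDIR.search(msg)):
            r["redirect"] = hit[1]
    return dict(reqs)

def https_self_redirects(reqs, threshold=2):
    """Per client, count https redirects back to the requested vhost+URI
    that followed a RewriteCond match on input 'off'; keep counts >= threshold."""
    hits = Counter()
    for r in reqs.values():
        saw_off = any(inp == "off" and ok for inp, _, ok in r["conds"])
        base = (r["redirect"] or "").split("?")[0]  # ignore the query string
        if saw_off and r["uri"] and base == f"https://{r['vhost']}{r['uri']}":
            hits[(r["client"], base)] += 1
    return {k: n for k, n in hits.items() if n >= threshold}
```

Wrapped records, like the mail-wrapped lines in the archived copy of the report, are skipped by `summarize`, so rejoin them before feeding a log to it.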

