httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andrei <lag...@gmail.com>
Subject [users@httpd] Re: Spoofing SERVER_PORT/HTTPS env?
Date Thu, 23 Mar 2017 05:12:47 GMT
bump

On Thu, Mar 16, 2017 at 5:33 PM, Andrei <lagged@gmail.com> wrote:

> Hello everyone,
>
> I have a setup with Varnish/Hitch in front of Apache, where Hitch proxies
> the SSL traffic to Varnish via HTTP, and Apache receives the request via
> HTTP while the client request was done via https. This local downgrade is
> due to Varnish not supporting SSL. Since there are quite a few platforms
> out there that rely on HTTPS/SERVER_PORT checks to force https redirects
> for example, I've been toying with mod_rpaf which can spoof the environment
> variables based on X headers from a defined list of IPs, but it's not
> consistent and requires disabling keepalive due to a long standing bug -
> https://github.com/gnif/mod_rpaf/issues/42. That being said, I'm trying
> to ditch mod_rpaf and spoof the variables using SetEnvIf based on a custom
> X-Header instead, which will be set by Varnish. The only problem I'm
> running in to is overriding SERVER_PORT. For example, if I have:
>
> SetEnvIf X-HTTPS "on" HTTPS=on
> SetEnvIf X-HTTPS "on" REQUEST_SCHEME=https
> SetEnvIf X-HTTPS "on" SERVER_PORT=443
>
> The above results in:
>
> root@avi [~]# curl -sH"X-HTTPS: on" http://domain.com/headers.php|egrep
> -i 'https|r_port'
> $_SERVER[HTTPS]; => on
> $_SERVER[HTTP_X_HTTPS]; => on
> $_SERVER[REQUEST_SCHEME]; => https
> $_SERVER[SERVER_PORT]; => 80
> root@avi [~]#
>
>
> While I would expect them to be:
>
> $_SERVER[HTTPS]; => on
> $_SERVER[HTTP_X_HTTPS]; => on
> $_SERVER[REQUEST_SCHEME]; => https
> $_SERVER[SERVER_PORT]; => 443
>
> If anyone knows of a different method, or module to use, I'm more than
> open to ideas. Thanks in advance!
>
>
>

Mime
View raw message