Rewrite from HTTP to HTTPS not working for web staff client with Apache 2.4

Bug #1748466 reported by Jason Stephenson
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Evergreen
Medium
Unassigned
2.12
Medium
Unassigned
3.0
Medium
Unassigned

Bug Description

Evergreen versions: 2.12.8 and 3.0.3
OpenSRF versions: Irrelevant
PostgreSQL version: Irrelevant
Apache version: 2.4+

If you install the web staff client on a server with Apache 2.4 and attempt to access it as http://host.tld/eg/staff/ you get a 403 Forbidden error rather than being redirected to https.

If you do the same with Apache 2.2 on the host, the redirect works.

Apparently the order of directive evaluation changed from Apache 2.2 to Apache 2.4. It looks like the SSLRequireSSL directive is being evaluated before any Rewrite* rules.

Removing the SSLRequireSSL form the /eg/staff location stanza in eg_vhost.conf.in allows the RewriteRule to take effect on Apache 2.4.

I will submit a branch to correct this in the example config shortly.

description: updated
Revision history for this message
Jason Stephenson (jstephenson) wrote :

I pushed the branch to user/dyrcona/lp1748466-webstaff-htps-apache-24 in the working repo:

http://git.evergreen-ils.org/?p=working/Evergreen.git;a=shortlog;h=refs/heads/user/dyrcona/lp1748466-webstaff-htps-apache-24

tags: added: pullrequest
Revision history for this message
Dan Scott (denials) wrote :

Request: someone with nginx running as a front-end proxy try out this change to ensure that it still works in that configuration as well. Hey, we could probably try that...

Changed in evergreen:
milestone: none → 3.1-beta
Revision history for this message
Ben Shum (bshum) wrote :

Tested with the nginx proxy and it worked to redirect for me on master.

Picked to master and backported to rel_3_0 and rel_2_12. Thanks!!

Changed in evergreen:
status: New → Fix Committed
importance: Undecided → Medium
Changed in evergreen:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers