Re: Spoofing SERVER_PORT/HTTPS env?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



bump

On Thu, Mar 16, 2017 at 5:33 PM, Andrei <lagged@xxxxxxxxx> wrote:
Hello everyone,

I have a setup with Varnish/Hitch in front of Apache, where Hitch proxies the SSL traffic to Varnish via HTTP, and Apache receives the request via HTTP while the client request was done via https. This local downgrade is due to Varnish not supporting SSL. Since there are quite a few platforms out there that rely on HTTPS/SERVER_PORT checks to force https redirects for example, I've been toying with mod_rpaf which can spoof the environment variables based on X headers from a defined list of IPs, but it's not consistent and requires disabling keepalive due to a long standing bug - https://github.com/gnif/mod_rpaf/issues/42. That being said, I'm trying to ditch mod_rpaf and spoof the variables using SetEnvIf based on a custom X-Header instead, which will be set by Varnish. The only problem I'm running in to is overriding SERVER_PORT. For example, if I have:

SetEnvIf X-HTTPS "on" HTTPS=on
SetEnvIf X-HTTPS "on" REQUEST_SCHEME=https
SetEnvIf X-HTTPS "on" SERVER_PORT=443

The above results in:

root@avi [~]# curl -sH"X-HTTPS: on" http://domain.com/headers.php|egrep -i 'https|r_port'
$_SERVER[HTTPS]; => on
$_SERVER[HTTP_X_HTTPS]; => on
$_SERVER[REQUEST_SCHEME]; => https
$_SERVER[SERVER_PORT]; => 80
root@avi [~]# 


While I would expect them to be:

$_SERVER[HTTPS]; => on
$_SERVER[HTTP_X_HTTPS]; => on
$_SERVER[REQUEST_SCHEME]; => https
$_SERVER[SERVER_PORT]; => 443

If anyone knows of a different method, or module to use, I'm more than open to ideas. Thanks in advance!




[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux