>Number: 4117
>Category: mod_rewrite
>Synopsis: mod_rewrite adds "Vary: Host, Host" header
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: apache
>State: open
>Class: sw-bug
>Submitter-Id: apache
>Arrival-Date: Wed Mar 24 18:00:02 PST 1999
>Last-Modified:
>Originator: [EMAIL PROTECTED]
>Organization:
apache
>Release: 1.3.4
>Environment:
[admin admin]$ uname -a
Linux sd2.mailbank.com 2.0.34 #1 Fri Aug 28 19:39:04 PDT 1998 mips unknown
[admin admin]$ gcc -v
Reading specs from /usr/lib/gcc-lib/mipsel-linux/2.7.2/specs
gcc version 2.7.2
[admin admin]$ /usr/local/bin/httpd -V
Server version: Apache/1.3.4 (Unix)
Server built: Mar 16 1999 15:40:19
Server's Module Magic Number: 19990108:0
Server compiled with....
-D HAVE_MMAP
-D HAVE_SHMGET
-D USE_SHMGET_SCOREBOARD
-D USE_MMAP_FILES
-D USE_FLOCK_SERIALIZED_ACCEPT
-D HTTPD_ROOT="/usr/local"
-D SUEXEC_BIN="/usr/local/bin/suexec"
-D SHARED_CORE_DIR="/usr/local/libexec"
-D DEFAULT_PIDLOG="/var/run/httpd.pid"
-D DEFAULT_SCOREBOARD="/var/run/httpd.scoreboard"
-D DEFAULT_LOCKFILE="/var/run/httpd.lock"
-D DEFAULT_XFERLOG="/var/log/httpd/access_log"
-D DEFAULT_ERRORLOG="/var/log/httpd/error_log"
-D TYPES_CONFIG_FILE="/etc/httpd/conf/mime.types"
-D SERVER_CONFIG_FILE="/etc/httpd/conf/httpd.conf"
-D ACCESS_CONFIG_FILE="/etc/httpd/conf/access.conf"
-D RESOURCE_CONFIG_FILE="/etc/httpd/conf/srm.conf"
[admin admin]$ /usr/local/bin/httpd -l
Compiled-in modules:
http_core.c
mod_env.c
mod_log_config.c
mod_mime.c
mod_negotiation.c
mod_status.c
mod_include.c
mod_autoindex.c
mod_dir.c
mod_cgi.c
mod_asis.c
mod_imap.c
mod_actions.c
mod_userdir.c
mod_proxy.c
mod_alias.c
mod_rewrite.c
mod_access.c
mod_auth.c
mod_auth_anon.c
mod_expires.c
mod_headers.c
mod_usertrack.c
mod_setenvif.c
>Description:
Possibly related to PR 1644:
Apache adds the following header to an HTTP request:
Vary: Host, Host
Apache should only output "Vary: Host", and should not duplicate
multiple fields.
This occurs with the mod_rewrite rule of:
RewriteCond %{ENV:WasFound} !^yes$
RewriteCond %{HTTP_HOST} !^$
RewriteCond ${lc:%{HTTP_HOST}} ^www\.(.+)\.(the)([^\.])([^\.]+)\.([^\.]+)$
[OR,NC]
RewriteCond ${lc:%{HTTP_HOST}} ^(.+)\.(the)([^\.])([^\.]+)\.([^\.]+)$
[OR,NC]
RewriteCond ${lc:%{HTTP_HOST}} ^www\.(.+)\.()([^\.])([^\.]+)\.([^\.]+)$
[OR,NC]
RewriteCond ${lc:%{HTTP_HOST}} ^(.+)\.()([^\.])([^\.]+)\.([^\.]+)$
RewriteCond
/home/restrict/vhosts/%3/%2%3%4.%5/%1.%2%3%4.%5%{REQUEST_FILENAME} -f [OR]
RewriteCond
/home/restrict/vhosts/%3/%2%3%4.%5/%1.%2%3%4.%5%{REQUEST_FILENAME} -d [OR]
RewriteCond /home/restrict/vhosts/%3/%2%3%4.%5/%1.%2%3%4.%5/.htaccess -f
RewriteRule ^/(.*)$ /home/restrict/vhosts/%3/%2%3%4.%5/%1.%2%3%4.%5/$1
[E=VHOST:%1.%2%3%4.%5,L,E=WasFound:yes]
My theory is that, because multiple "HTTP_HOST" fields appear
in the RewriteCond, apache adds one "Host" entry for each "and"ed
RewriteCond (but not for the "or"s).
>How-To-Repeat:
Create a mod_rewrite rule with somthing like the above, that
has multiple HTTP_HOST checks.
>Fix:
Problem Report 1644 is listed as still open, which leads me to
believe that this issue is being worked on.
>Audit-Trail:
>Unformatted:
[In order for any reply to be added to the PR database, ]
[you need to include <[EMAIL PROTECTED]> in the Cc line ]
[and leave the subject line UNCHANGED. This is not done]
[automatically because of the potential for mail loops. ]
[If you do not include this Cc, your reply may be ig- ]
[nored unless you are responding to an explicit request ]
[from a developer. ]
[Reply only with text; DO NOT SEND ATTACHMENTS! ]
