>Number: 5147
>Category: mod_rewrite
>Synopsis: Matching "on" with !="on" succeeds when it should fail
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: apache
>State: open
>Class: sw-bug
>Submitter-Id: apache
>Arrival-Date: Thu Oct 14 06:50:01 PDT 1999
>Last-Modified:
>Originator: [EMAIL PROTECTED]
>Organization:
apache
>Release: 1.3.9
>Environment:
Linux 2.2.9#13
gcc
>Description:
I'm trying to test whether the HTTPS env var is set to "on" and use this fact
to determine when a redirect rule should be executed. The rule redirects
to a secure URL and is only supposed to execute if the connection is not secure.
My rewrite condition is
RewriteCond %{ENV:HTTPS} !="on"
The rewrite log indicates that:
input='' pattern='!="on"' => matched
for a non-SSL request, and then
input='on' pattern='!="on"' => matched
for an SSL request. The latter is in error. The subsequent rule is executed
when it shouldn't.
>How-To-Repeat:
httpd.conf section (these lines are within a <Location> section):
<IfModule mod_rewrite.c>
<IfDefine SSL>
RewriteEngine On
RewriteCond %{ENV:HTTPS} !="on"
RewriteRule ^/(.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R]
</IfDefine>
</IfModule>
</Location>
My rewrite log shows:
Earlier entry (non-SSL)
192.168.1.9 - authent [14/Oct/1999:10:38:17 +0100]
[www/sid#80b8744][rid#80985a4/initial] (4) RewriteCond: input=''
pattern='!="on"' => matched
SSL connection:
192.168.1.9 - authent [14/Oct/1999:10:38:21 +0100]
[www/sid#80c31f4][rid#80985a4/initial] (1) [per-dir /proj/] redirect to
https://www/proj/ [REDIRECT/302]
192.168.1.9 - authent [14/Oct/1999:10:38:28 +0100]
[www/sid#80c31f4][rid#80985a4/initial] (3) [per-dir /proj/] add path-info
postfix: /home/httpd/html/proj -> /home/httpd/html/proj/
192.168.1.9 - authent [14/Oct/1999:10:38:28 +0100]
[www/sid#80c31f4][rid#80985a4/initial] (3) [per-dir /proj/] applying pattern
'^/(.*)' to uri '/home/httpd/html/proj/'
192.168.1.9 - authent [14/Oct/1999:10:38:28 +0100]
[www/sid#80c31f4][rid#80985a4/initial] (4) RewriteCond: input='on'
pattern='!="on"' => matched
192.168.1.9 - authent [14/Oct/1999:10:38:28 +0100]
[www/sid#80c31f4][rid#80985a4/initial] (2) [per-dir /proj/] rewrite
/home/httpd/html/proj/ -> https://www/proj/
192.168.1.9 - authent [14/Oct/1999:10:38:28 +0100]
[www/sid#80c31f4][rid#80985a4/initial] (2) [per-dir /proj/] explicitly forcing
redirect with https://www/proj/
192.168.1.9 - authent [14/Oct/1999:10:38:28 +0100]
[www/sid#80c31f4][rid#80985a4/initial] (1) [per-dir /proj/] escaping
https://www/proj/ for redirect
192.168.1.9 - authent [14/Oct/1999:10:38:28 +0100]
[www/sid#80c31f4][rid#80985a4/initial] (1) [per-dir /proj/] redirect to
https://www/proj/ [REDIRECT/302]
>Fix:
My workaround is to use this rewrite condition:
RewriteCond %{ENV:HTTPS} ^$
>Audit-Trail:
>Unformatted:
[In order for any reply to be added to the PR database, you need]
[to include <[EMAIL PROTECTED]> in the Cc line and make sure the]
[subject line starts with the report component and number, with ]
[or without any 'Re:' prefixes (such as "general/1098:" or ]
["Re: general/1098:"). If the subject doesn't match this ]
[pattern, your message will be misfiled and ignored. The ]
["apbugs" address is not added to the Cc line of messages from ]
[the database automatically because of the potential for mail ]
[loops. If you do not include this Cc, your reply may be ig- ]
[nored unless you are responding to an explicit request from a ]
[developer. Reply only with text; DO NOT SEND ATTACHMENTS! ]
