DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=30464>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=30464 SSL_ variables from mod_ssl not available for RewriteCond tests in mod_rewrite Summary: SSL_ variables from mod_ssl not available for RewriteCond tests in mod_rewrite Product: Apache httpd-2.0 Version: 2.0.50 Platform: All OS/Version: All Status: NEW Severity: Normal Priority: Other Component: mod_rewrite AssignedTo: [email protected] ReportedBy: [EMAIL PROTECTED] Hi, 1. Environment: OS: Linux Apache: 2.0.50 2. Problem: As I upgraded some Apache 1.3.x systems to Apache 2.0.50 I noticed that the SSL_ variables defined by mod_ssl are no longer available for checks with RewriteCond. In Apache 1.3.x RewriteConds like the following delivered reasonable results: RewriteCond %{SSL_CIPHER_USEKEYSIZE} !^[0-9][0-9][0-9] On Apache 2.0.50 the input stays empty as the following excerpt from the RewriteLog (Level 9) shows: 92.168.2.4 - - [04/Aug/2004:11:57:06 +0200] [www.something.de/sid#8122700][rid# 818a1b0/initial] (4) RewriteCond: input='' pattern='!^[0-9][0-9][0-9]' => matche d Even after adding SSLOptions +StdEnvVars and modifying the RewriteCond to RewriteCond %{ENV:SSL_CIPHER_USEKEYSIZE} !^[0-9][0-9][0-9] nothing changed. The input remains empty. 3. Analysis The root cause for this problem is that mod_ssl writes its SSL_ variables to r->subprocess_env in its fixup handler (provided SSLOptions contains StdEnvVars), but all fixup handlers are executed after the translate_name handlers. On the other hand the evaluation of the rewrite rules happens in mod_rewrites translate_name handler, so the variables are not available at this point of time. 4. Solution proposal I noticed that the documentation for mod_rewrite of Apache 2.1 points out a special prefix for the SSL_ variables named SSL: (like ENV: for environment variables). So the solution approach is to add a piece of code to lookup_variable in mod_rewrite.c that checks for variablenames that start with SSL: after the check for the variables which names start with ENV:. The mod_ssl function ssl_var_lookup can be used to get the values for the specific variables as it has been registered by mod_ssl with APR_REGISTER_OPTIONAL_FN in ssl_engine_vars.c. After that it would be possible to check the SSL_ variables in RewriteCond's via prefixing the variable name with SSL:. For example the following RewriteCond RewriteCond %{SSL:SSL_CIPHER_USEKEYSIZE} !^[0-9][0-9][0-9] would be a replacement for my old (Apache 1.3.x) RewriteCond RewriteCond %{SSL_CIPHER_USEKEYSIZE} !^[0-9][0-9][0-9] I wrote an appropriate patch for mod_rewrite which I tested on my environment. It worked as designed. I attach the patch. Regards Rüdiger Plüm --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
