https://bz.apache.org/bugzilla/show_bug.cgi?id=61519

Reindl Harald <h.rei...@thelounge.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEEDINFO                    |NEW

--- Comment #10 from Reindl Harald <h.rei...@thelounge.net> ---
httpd has a completly split brain here


Apache Environment from phpinfo():
HTTPS on
SSL_TLS_SNI local.rhsoft.net
HTTP_HOST local.rhsoft.net
SERVER_NAME local.rhsoft.net
SERVER_PORT 80
REQUEST_SCHEME http

focus on the "HTTPS" which is corrent versus wrong "SERVER_PORT" and
"REQUEST_SCHEME" - thi smakes it possible to put some hacks in php-libraries
and overwrite it so that most scripts behave correctly

but you can't hack the wrong redirect to http:// when one tries to access a
folder without the trailing slash because that redirect is done by httpd itself
and fianlyl you have a *real probem* in your client becasue proper sent cookies
with secure-Flags are gone, logins don#t work, you don't realize that you
unintenionally switched to unecnrypted and that leads to support calls for
every single vhost which get mirgated to dual-stack and letsencrypt

you *clearly* know the fact it's https, so REQUEST_SCHEME is easily to fix and
you know the incoming port from the network layer - frankly there is no sane
reason to get that wrong and set it to 80 when the lcient is connected to 443

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org
For additional commands, e-mail: bugs-h...@httpd.apache.org

Reply via email to