Sander Marechal reports that mod_rewrite does not find the value "on" in the %{HTTPS} server variable when HTTPS is enabled with mod_gnutls: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514005
I confirmed that this behavior still exists in mod_gnutls trunk revision 404. I used this RewriteRule to copy the %{HTTPS} server variable to an environment variable: RewriteRule . - [E=FOO:%{HTTPS}] Here is my httpd.conf: http://cgi.sfu.ca/~jdbates/tmp/mod-gnutls/200902070/httpd.conf Then I used this CGI to echo the environment variables: http://cgi.sfu.ca/~jdbates/tmp/mod-gnutls/200902070/index.cgi I used wget to get the output of this CGI: $ wget https://localhost:8080/index.cgi --no-check-certificate - here it is: http://cgi.sfu.ca/~jdbates/tmp/mod-gnutls/200902070/wget Notice that while the value of the "HTTPS" environment variable is "on", the value of the "FOO" environment variable (which is where I copied the value of the %{HTTPS} server variable with mod_rewrite) is "off" On Tue, 2009-02-03 at 12:09 +0100, Sander Marechal wrote: > Package: libapache2-mod-gnutls > Version: 0.5.1-1 > Severity: normal > File: mod_gnutls > > > mod_gnutls does not set the HTTPS server variable correctly for mod_rewrite. > Note that this > appears to be a different variable than the HTTPS environment variable. > > I have mod_gnutls loaded on my server and I have a simple rewrite rule to > redirect HTTPS POST calls > on my non-SSL protected site to my SSL protected site, like so: > > RewriteEngine On > RewriteCond %{REQUEST_METHOD} ^POST$ > RewriteCond %{HTTPS} ^off$ > RewriteRule ^xmlrpc(.*)$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L,QSA] > > Here is the output of ModRewrite with RewriteLogLevel 5. Note that the > contents of %{HTTPS} > is "off". Apparently mod_gnutls does not set this variable. > > 192.168.1.2 - - [03/Feb/2009:11:56:09 +0100] > [odf-shots.jejik.com/sid#fb5bb0][rid#12dd688/initial] (2) init rewrite engine > with requested uri > /xmlrpc > 192.168.1.2 - - [03/Feb/2009:11:56:09 +0100] > [odf-shots.jejik.com/sid#fb5bb0][rid#12dd688/initial] (1) pass through /xmlrpc > 192.168.1.2 - - [03/Feb/2009:11:56:09 +0100] > [odf-shots.jejik.com/sid#fb5bb0][rid#12dd688/initial] (3) [perdir > /home/sander/projects/odf-shots/trunk/server/www/app/webroot/] strip per-dir > prefix: > /home/sander/projects/odf-shots/trunk/server/www/app/webroot/xmlrpc -> xmlrpc > 192.168.1.2 - - [03/Feb/2009:11:56:09 +0100] > [odf-shots.jejik.com/sid#fb5bb0][rid#12dd688/initial] (3) [perdir > /home/sander/projects/odf-shots/trunk/server/www/app/webroot/] applying > pattern '^xmlrpc(.*)$' to uri 'xmlrpc' > 192.168.1.2 - - [03/Feb/2009:11:56:09 +0100] > [odf-shots.jejik.com/sid#fb5bb0][rid#12dd688/initial] (4) [perdir > /home/sander/projects/odf-shots/trunk/server/www/app/webroot/] RewriteCond: > input='POST' pattern='^POST$' => matched > > # Here is the culprit > 192.168.1.2 - - [03/Feb/2009:11:56:09 +0100] > [odf-shots.jejik.com/sid#fb5bb0][rid#12dd688/initial] (4) [perdir > /home/sander/projects/odf-shots/trunk/server/www/app/webroot/] RewriteCond: > input='off' pattern='^off$' => matched > > 192.168.1.2 - - [03/Feb/2009:11:56:09 +0100] > [odf-shots.jejik.com/sid#fb5bb0][rid#12dd688/initial] (2) [perdir > /home/sander/projects/odf-shots/trunk/server/www/app/webroot/] rewrite > 'xmlrpc' -> 'https://odf-shots.jejik.com/xmlrpc' > 192.168.1.2 - - [03/Feb/2009:11:56:09 +0100] > [odf-shots.jejik.com/sid#fb5bb0][rid#12dd688/initial] (2) [perdir > /home/sander/projects/odf-shots/trunk/server/www/app/webroot/] explicitly > forcing redirect with https://odf-shots.jejik.com/xmlrpc > 192.168.1.2 - - [03/Feb/2009:11:56:09 +0100] > [odf-shots.jejik.com/sid#fb5bb0][rid#12dd688/initial] (1) [perdir > /home/sander/projects/odf-shots/trunk/server/www/app/webroot/] escaping > https://odf-shots.jejik.com/xmlrpc for redirect > 192.168.1.2 - - [03/Feb/2009:11:56:09 +0100] > [odf-shots.jejik.com/sid#fb5bb0][rid#12dd688/initial] (1) [perdir > /home/sander/projects/odf-shots/trunk/server/www/app/webroot/] redirect to > https://odf-shots.jejik.com/xmlrpc?XDEBUG_SESSION_START=1 [REDIRECT/302] > > > The contents of %{HTTPS} should have been set to "on" by mod_gnutls. > > -- System Information: > Debian Release: 5.0 > APT prefers testing > APT policy: (500, 'testing') > Architecture: amd64 (x86_64) > > Kernel: Linux 2.6.25-2-amd64 (SMP w/4 CPU cores) > Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) > Shell: /bin/sh linked to /bin/bash > > Versions of packages libapache2-mod-gnutls depends on: > ii libc6 2.7-18 GNU C Library: Shared libraries > ii libgnutls26 2.4.2-4 the GNU TLS library - runtime > libr > > libapache2-mod-gnutls recommends no packages. > > libapache2-mod-gnutls suggests no packages. > > -- no debconf information > > > -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org