Hi -- I thought I'd toss out a patch I've been working on lately; it's been a long time since I committed directly, so if some of the "regulars" wouldn't mind giving some feedback first, I'd appreciate it.
The idea is to introduce a non-default "UseListenScheme On" setting which uses the scheme from the Listen directive when constructing self-referencing URLs:

    http://people.apache.org/~chrisd/patches/use_listen_scheme/

A full commit would also need patches to some of the non-Unix MPMs (simple, winnt, netware, etc.), update-log-msg-tags needs to run, docs need to be written, and so forth.

The impetus here came from the following situation; if you know of better ways to address it, please describe them! We have virtual hosts which serve both HTTP and HTTPS from behind SSL hardware, so httpd only sees HTTP traffic, but on different ports. The preferred configuration is:

    Listen 10.0.0.0:4000
    Listen 10.0.0.0:5000 https

    NameVirtualHost 10.0.0.0:4000
    NameVirtualHost 10.0.0.0:5000

    LogFormat "... %{local}p ..." custom

    <VirtualHost 10.0.0.0:4000 10.0.0.0:5000>
        ServerName www.example.com
        CustomLog "|rotatelogs ... www.example.com:access.log ..." custom
        ...
    </VirtualHost>

The problem is that the vhost always constructs self-referencing URLs for redirects, ProxyPassReverse handling, etc. using the "http://" scheme. We could have duplicate <VirtualHost>s, one for each port/scheme:

    <VirtualHost 10.0.0.0:4000>
        ServerName http://www.example.com
        ...
    </VirtualHost>

    <VirtualHost 10.0.0.0:5000>
        ServerName https://www.example.com
        ...
    </VirtualHost>

but then we have to duplicate all the vhost configs or split them out into Include files, and we end up with additional rotatelogs processes either way.

I really just wanted httpd to notice that, according to the Listen directive, all port 5000 traffic should use the "https://" scheme; I felt like I'd already supplied sufficient config data for it to figure this out! :-)

The major caveat that I can see is that some folks might object to having the overhead of apr_socket_data_get/set() calls after each apr_socket_accept(). I thought perhaps a compile-time option such as --disable-socket-data could be added to disable this proposed new code entirely, for those who care.

Thoughts? Can anyone see a tidier way to approach this? (Any volunteers to update the winnt and netware MPMs?)

Thanks very much,

Chris.

--
GPG Key ID: 088335A9
GPG Key Fingerprint: 86CD 3297 7493 75BC F820 6715 F54F E648 0883 35A9
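Added example, not part of the original message or of the linked patch: a simplified Python model of the behaviour discussed above, showing why a request accepted on the port 5000 listener gets an "http://" self-referencing URL today and what scheme it would get if the Listen protocol argument were consulted. The function names listen_schemes() and self_url() are hypothetical, port handling in the URL is left out, and the precedence of an explicit scheme in ServerName over the new setting is an assumption.

```python
# Added illustration; a simplified model, not httpd source code.
# listen_schemes() and self_url() are hypothetical names.

def listen_schemes(config_text):
    """Map each listening port to the scheme declared on its Listen line."""
    schemes = {}
    for line in config_text.splitlines():
        tokens = line.split("#", 1)[0].split()
        if len(tokens) < 2 or tokens[0].lower() != "listen":
            continue
        # "[addr:]port": the port is whatever follows the last colon,
        # which also handles bracketed IPv6 such as [::1]:8443.
        port = int(tokens[1].rsplit(":", 1)[-1])
        if len(tokens) >= 3:
            scheme = tokens[2].lower()
        else:
            # Documented Listen default: https on 443, http elsewhere.
            scheme = "https" if port == 443 else "http"
        schemes[port] = scheme
    return schemes


def self_url(server_name, local_port, path, schemes, use_listen_scheme):
    """Build a self-referencing URL for a request accepted on local_port."""
    if "://" in server_name:
        # Explicit scheme in ServerName (the duplicate-vhost workaround);
        # assumed here to take precedence over the Listen scheme.
        scheme, host = server_name.split("://", 1)
    elif use_listen_scheme:
        scheme, host = schemes.get(local_port, "http"), server_name
    else:
        # Behaviour described in the message: always "http://".
        scheme, host = "http", server_name
    return f"{scheme}://{host}{path}"


# The Listen lines from the message.
CONFIG = """
Listen 10.0.0.0:4000
Listen 10.0.0.0:5000 https
"""

if __name__ == "__main__":
    schemes = listen_schemes(CONFIG)
    for port in (4000, 5000):
        for flag in (False, True):
            print(port, flag, self_url("www.example.com", port, "/login/", schemes, flag))
```

With the setting off, the port 5000 case yields an "http://" redirect target even though the client reached the site over HTTPS through the SSL hardware, which is the mismatch worth checking for in Location headers on such deployments.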
