> Am 14.09.2017 um 15:46 schrieb Reindl Harald <h.rei...@thelounge.net>:
> 
> 
> 
> Am 14.09.2017 um 15:40 schrieb Stefan Eissing:
>> Harald,
>> could you check if a configuration like:
>>   UseCanonicalPhysicalPort on
>> in the server or vhost mitigates the problem?
> 
> it makes it even more terrible and the resulting http:// protocol instead 
> https// on port 443 here even tiggers mod_security
> 
> even if it would mitigate that issue - having ports in redirect urls easily 
> leads to a lot of other problems when proxy-servers are part of the game
> 
> [harry@srv-rhsoft:/mnt/data/downloads]$ curl --head --insecure 
> https://contentlounge/cms
> HTTP/1.1 301 Moved Permanently
> Date: Thu, 14 Sep 2017 13:43:06 GMT
> X-DNS-Prefetch-Control: off
> X-Content-Type-Options: nosniff
> X-Response-Time: D=1561 us
> Location: http://contentlounge:443/cms/
> Cache-Control: max-age=0
> Expires: Thu, 14 Sep 2017 13:43:06 GMT
> Content-Type: text/html; charset=iso-8859-1

Wow. Thanks for the quick test.

>>> Am 14.09.2017 um 12:00 schrieb Reindl Harald <h.rei...@thelounge.net>:
>>> 
>>> 
>>> 
>>> Am 10.08.2017 um 18:22 schrieb Reindl Harald:
>>>>> If you want to experiment...
>>>>> <VirtualHost IP:80 IP:443>
>>>>> is already recognized
>>>> but with "SSLEngine On" and "SSLCertificateFile" configured non-https no 
>>>> longer would work
>>> 
>>> OK, figured it out
>>> 
>>> * you need the *first* vhost with "SSLEngine On"
>>> * others can have "SSLEngine optional" and listen to 80 and 443
>>> 
>>> but there is a bug: https://bz.apache.org/bugzilla/show_bug.cgi?id=61519
>>> 
>>> if the trailing slash is missing in the url the automatic redirect to the 
>>> full qualified folder-path points to http:// instead https:// and that does 
>>> not happen within a vhost dedicated to :443 and "SSLEngine On"
>>> 
>>> i was trapped in a endless loop because the php script making a redirect to 
>>> https:// had a bug and missed the traling / too
>>> 
>>> <VirtualHost *:80 *:443>
>>> DocumentRoot "/www/contentlounge"
>>> ServerName contentlounge.rhsoft.net
>>> SSLEngine optional
>>> SSLCertificateFile "conf/ssl/rhsoft.net.pem"
>>> </VirtualHost>
>>> 
>>> [harry@srv-rhsoft:~]$ curl --head --insecure https://contentlounge/cms
>>> HTTP/1.1 301 Moved Permanently
>>> Date: Thu, 14 Sep 2017 09:40:27 GMT
>>> X-DNS-Prefetch-Control: off
>>> X-Content-Type-Options: nosniff
>>> X-Response-Time: D=1311 us
>>> Location: http://contentlounge/cms/
>>> Cache-Control: max-age=0
>>> Expires: Thu, 14 Sep 2017 09:40:27 GMT
>>> Content-Type: text/html; charset=iso-8859-1

Reply via email to