Torsten Förtsch wrote:
On 11/26/2012 09:05 AM, André Warnier wrote:
http://httpd.apache.org/docs/2.2/mod/mod_rewrite.html#rewritecond
there is apparently a "server variable" HTTPS which can be tested in a
RewriteCond, and which looks just like what I need :
HTTPS
Will contain the text "on" if the connection is using SSL/TLS, or
"off" otherwise. (This variable can be safely used regardless of whether
or not mod_ssl is loaded).
Now I just have to find out how I can actually access such a "server
variable" inside a mod_perl handler. But that should be a breeze,
considering the nice online mod_perl documentation, right ?
Let's see if I can beat Torsten to it..
The problem is this "variable" is not something that is stored along
with the other request data. It is just the temporary result of a
function call.
What mod_rewrite does here to provide the "variable" is 2 things:
1) it looks for an optional function (this is a thing APR has invented)
named "ssl_is_https". In C it looks something like this:
APR_OPTIONAL_FN_TYPE(ssl_is_https) *is_https;
is_https=APR_RETRIEVE_OPTIONAL_FN(ssl_is_https);
If the function cannot be found HTTPS will be off because mod_ssl is not
loaded.
2) then it calls the function, which returns a boolean value.
Apache2::ModSSL does exactly the same.
To make this variable accessible by means of mod_rewrite to mod_perl you
can:
RewriteCond %{HTTPS} =on
RewriteRule .? - E=HTTPS:42
Later on in Perl you can ask
if ($r->subprocess_env->{HTTPS} eq "42") ...
Mod_rewrite normally works in the uri translation phase, except when it
is called in a <Directory>, <Location> or <Files> block or a .htaccess
file. In this case it works in the fixup phase. Unfortunately,
mod_rewrite installs its handler with APR_HOOK_FIRST priority while
mod_perl uses APR_HOOK_REALLY_FIRST. That means a PerlFixupHandler is
called *before* mod_rewrite in directory context.
Between the two of you, we're seeing the light at the end of the tunnel..
Many thanks. I don't think that this is really documented anywhere, so my chances of
finding this by myself were rather low to begin with.
I must say that I slightly prefer Torsten's solution, which looks easier (some of the URLs
to proxy already have a query string, for instance).
But I can see also that I'll have to seriously document this in the code, otherwise some
poor maintainer is going to have a hard time in a couple of years from now, trying to
figure out what is going on here. Specially if he has never heard of Deep Thought.
