On Sat, Mar 11, 2017 at 06:11:53PM +0000, Rivo Nurges wrote: > Hi! > > Following will add possibility to expand $HTTP_HOST to the HTTP > Host header in "block return". > > In my setup I have relayd on port 443 and httpd on 80. This patch > allows me to redirect http(httpd) to https(relayd) without knowing > the host. > > /etc/httpd.conf: > server "redirect" { > listen on * port 80 > block return 301 "https://$HTTP_HOST$REQUEST_URI" > } > > Rivo > > Index: usr.sbin/httpd/server_http.c > =================================================================== > RCS file: /cvs/src/usr.sbin/httpd/server_http.c,v > retrieving revision 1.115 > diff -u -p -r1.115 server_http.c > --- usr.sbin/httpd/server_http.c 10 Mar 2017 21:06:43 -0000 1.115 > +++ usr.sbin/httpd/server_http.c 11 Mar 2017 17:51:23 -0000 > @@ -1068,6 +1068,18 @@ server_expand_http(struct client *clt, c > if (ret != 0) > return (NULL); > } > + if (strstr(val, "$HTTP_HOST") != NULL) { > + if (desc->http_host == NULL) { > + ret = expand_string(buf, len, "$HTTP_HOST", "");
This will not create a working redirect. Should we return 500 instead if there is no host header? What is nginx doing in that case? nginx has $http_host and $host, $host is assigned the host header and if that doesn't exist the server name. (Wouldn't help in your case since it would redirect to https://redirect/). Other than this looks good. > + } else { > + if ((str = url_encode(desc->http_host)) == NULL) > + return (NULL); > + ret = expand_string(buf, len, "$HTTP_HOST", str); > + free(str); > + } > + if (ret != 0) > + return (NULL); > + } > if (strstr(val, "$REMOTE_") != NULL) { > if (strstr(val, "$REMOTE_ADDR") != NULL) { > if (print_host(&clt->clt_ss, > Index: usr.sbin/httpd/httpd.conf.5 > =================================================================== > RCS file: /cvs/src/usr.sbin/httpd/httpd.conf.5,v > retrieving revision 1.79 > diff -u -p -r1.79 httpd.conf.5 > --- usr.sbin/httpd/httpd.conf.5 7 Feb 2017 12:27:42 -0000 1.79 > +++ usr.sbin/httpd/httpd.conf.5 11 Mar 2017 17:51:23 -0000 > @@ -221,6 +221,8 @@ The configured IP address of the server. > The configured TCP server port of the server. > .It Ic $SERVER_NAME > The name of the server. > +.It Ic $HTTP_HOST > +The host from the HTTP Host header. > .It Pf % Ar n > The capture index > .Ar n > > begin-base64 644 http_host.diff > SW5kZXg6IHVzci5zYmluL2h0dHBkL3NlcnZlcl9odHRwLmMKPT09PT09PT09PT09PT09PT09PT09 > PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQpSQ1MgZmlsZTog > L2N2cy9zcmMvdXNyLnNiaW4vaHR0cGQvc2VydmVyX2h0dHAuYyx2CnJldHJpZXZpbmcgcmV2aXNp > b24gMS4xMTUKZGlmZiAtdSAtcCAtcjEuMTE1IHNlcnZlcl9odHRwLmMKLS0tIHVzci5zYmluL2h0 > dHBkL3NlcnZlcl9odHRwLmMJMTAgTWFyIDIwMTcgMjE6MDY6NDMgLTAwMDAJMS4xMTUKKysrIHVz > ci5zYmluL2h0dHBkL3NlcnZlcl9odHRwLmMJMTEgTWFyIDIwMTcgMTc6NTE6MjMgLTAwMDAKQEAg > LTEwNjgsNiArMTA2OCwxOCBAQCBzZXJ2ZXJfZXhwYW5kX2h0dHAoc3RydWN0IGNsaWVudCAqY2x0 > LCBjCiAJCWlmIChyZXQgIT0gMCkKIAkJCXJldHVybiAoTlVMTCk7CiAJfQorCWlmIChzdHJzdHIo > dmFsLCAiJEhUVFBfSE9TVCIpICE9IE5VTEwpIHsKKwkJaWYgKGRlc2MtPmh0dHBfaG9zdCA9PSBO > VUxMKSB7CisJCQlyZXQgPSBleHBhbmRfc3RyaW5nKGJ1ZiwgbGVuLCAiJEhUVFBfSE9TVCIsICIi > KTsKKwkJfSBlbHNlIHsKKwkJCWlmICgoc3RyID0gdXJsX2VuY29kZShkZXNjLT5odHRwX2hvc3Qp > KSA9PSBOVUxMKQorCQkJCXJldHVybiAoTlVMTCk7CisJCQlyZXQgPSBleHBhbmRfc3RyaW5nKGJ1 > ZiwgbGVuLCAiJEhUVFBfSE9TVCIsIHN0cik7CisJCQlmcmVlKHN0cik7CisJCX0KKwkJaWYgKHJl > dCAhPSAwKQorCQkJcmV0dXJuIChOVUxMKTsKKwl9CiAJaWYgKHN0cnN0cih2YWwsICIkUkVNT1RF > XyIpICE9IE5VTEwpIHsKIAkJaWYgKHN0cnN0cih2YWwsICIkUkVNT1RFX0FERFIiKSAhPSBOVUxM > KSB7CiAJCQlpZiAocHJpbnRfaG9zdCgmY2x0LT5jbHRfc3MsCkluZGV4OiB1c3Iuc2Jpbi9odHRw > ZC9odHRwZC5jb25mLjUKPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 > PT09PT09PT09PT09PT09PT09PT09PT09PQpSQ1MgZmlsZTogL2N2cy9zcmMvdXNyLnNiaW4vaHR0 > cGQvaHR0cGQuY29uZi41LHYKcmV0cmlldmluZyByZXZpc2lvbiAxLjc5CmRpZmYgLXUgLXAgLXIx > Ljc5IGh0dHBkLmNvbmYuNQotLS0gdXNyLnNiaW4vaHR0cGQvaHR0cGQuY29uZi41CTcgRmViIDIw > MTcgMTI6Mjc6NDIgLTAwMDAJMS43OQorKysgdXNyLnNiaW4vaHR0cGQvaHR0cGQuY29uZi41CTEx > IE1hciAyMDE3IDE3OjUxOjIzIC0wMDAwCkBAIC0yMjEsNiArMjIxLDggQEAgVGhlIGNvbmZpZ3Vy > ZWQgSVAgYWRkcmVzcyBvZiB0aGUgc2VydmVyLgogVGhlIGNvbmZpZ3VyZWQgVENQIHNlcnZlciBw > b3J0IG9mIHRoZSBzZXJ2ZXIuCiAuSXQgSWMgJFNFUlZFUl9OQU1FCiBUaGUgbmFtZSBvZiB0aGUg > c2VydmVyLgorLkl0IEljICRIVFRQX0hPU1QKK1RoZSBob3N0IGZyb20gdGhlIEhUVFAgSG9zdCBo > ZWFkZXIuCiAuSXQgUGYgJSBBciBuCiBUaGUgY2FwdHVyZSBpbmRleAogLkFyIG4K > ==== > -- I'm not entirely sure you are real.