httpd: allow $REQUEST_SCHEME in redirect targets

[Stuart Henderson]

Sometimes you want to redirect a request to another site but maintaining
the same type of connection (http or https) as the original request.
Currently to do this in httpd you have to duplicate the whole server block
(once for http, once for https, with different "block return" target URLs).

With Apache httpd you can use a single target URL to cover both cases using
the REQUEST_SCHEME variable, with nginx you can do the same using $scheme.
The diff below adds REQUEST_SCHEME to httpd allowing it there too, e.g.

  location "/cgi-bin/foobar*" { block return 302 
"$REQUEST_SCHEME://foobar.example.org$REQUEST_URI" }

any comments? ok?


Index: server_http.c
===================================================================
RCS file: /cvs/src/usr.sbin/httpd/server_http.c,v
retrieving revision 1.136
diff -u -p -r1.136 server_http.c
--- server_http.c       14 Jan 2020 20:48:57 -0000      1.136
+++ server_http.c       25 Feb 2020 11:50:35 -0000
@@ -1148,6 +1148,15 @@ server_expand_http(struct client *clt, c
                if (ret != 0)
                        return (NULL);
        }
+       if (strstr(val, "$REQUEST_SCHEME") != NULL) {
+               if (srv_conf->flags & SRVFLAG_TLS) {
+                       ret = expand_string(buf, len, "$REQUEST_SCHEME", 
"https");
+               } else {
+                       ret = expand_string(buf, len, "$REQUEST_SCHEME", 
"http");
+               }
+               if (ret != 0)
+                       return (NULL);
+       }
        if (strstr(val, "$SERVER_") != NULL) {
                if (strstr(val, "$SERVER_ADDR") != NULL) {
                        if (print_host(&srv_conf->ss,
Index: httpd.conf.5
===================================================================
RCS file: /cvs/src/usr.sbin/httpd/httpd.conf.5,v
retrieving revision 1.108
diff -u -p -r1.108 httpd.conf.5
--- httpd.conf.5        9 Feb 2020 09:44:04 -0000       1.108
+++ httpd.conf.5        25 Feb 2020 11:50:35 -0000
@@ -217,6 +217,8 @@ The IP address of the connected client.
 The TCP source port of the connected client.
 .It Ic $REMOTE_USER
 The remote user for HTTP authentication.
+.It Ic $REQUEST_SCHEME
+The request scheme (http or https).
 .It Ic $REQUEST_URI
 The request path and optional query string.
 .It Ic $SERVER_ADDR
@@ -774,11 +776,13 @@ directive:
 .Bd -literal -offset indent
 server "example.com" {
        listen on 10.0.0.1 port 80
-       block return 301 "http://www.example.com$REQUEST_URI";
+       listen on 10.0.0.1 tls port 443
+       block return 301 "$REQUEST_SCHEME://www.example.com$REQUEST_URI"
 }
 
 server "www.example.com" {
        listen on 10.0.0.1 port 80
+       listen on 10.0.0.1 tls port 443
 }
 .Ed
 The request can also be rewritten with the