On Tue, Feb 25, 2020 at 12:16:22PM +0000, Stuart Henderson wrote:
> Sometimes you want to redirect a request to another site but maintaining
> the same type of connection (http or https) as the original request.
> Currently to do this in httpd you have to duplicate the whole server block
> (once for http, once for https, with different "block return" target URLs).
>
> With Apache httpd you can use a single target URL to cover both cases using
> the REQUEST_SCHEME variable, with nginx you can do the same using $scheme.
> The diff below adds REQUEST_SCHEME to httpd allowing it there too, e.g.
>
> location "/cgi-bin/foobar*" { block return 302
> "$REQUEST_SCHEME://foobar.example.org$REQUEST_URI" }
>
> any comments? ok?
>
I think the patches makes sense for consistency and compatibility.
Currently it's also possible by using a double slash uri, for example:
Location: //openbsd.org/
Non-absolute uri are allowed now by the HTTP specification in the updated RFC:
https://tools.ietf.org/html/rfc7231#section-7.1.2
compared to the obsoleted RFC:
https://tools.ietf.org/html/rfc2616#section-14.30
Thanks,
>
> Index: server_http.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/httpd/server_http.c,v
> retrieving revision 1.136
> diff -u -p -r1.136 server_http.c
> --- server_http.c 14 Jan 2020 20:48:57 -0000 1.136
> +++ server_http.c 25 Feb 2020 11:50:35 -0000
> @@ -1148,6 +1148,15 @@ server_expand_http(struct client *clt, c
> if (ret != 0)
> return (NULL);
> }
> + if (strstr(val, "$REQUEST_SCHEME") != NULL) {
> + if (srv_conf->flags & SRVFLAG_TLS) {
> + ret = expand_string(buf, len, "$REQUEST_SCHEME",
> "https");
> + } else {
> + ret = expand_string(buf, len, "$REQUEST_SCHEME",
> "http");
> + }
> + if (ret != 0)
> + return (NULL);
> + }
> if (strstr(val, "$SERVER_") != NULL) {
> if (strstr(val, "$SERVER_ADDR") != NULL) {
> if (print_host(&srv_conf->ss,
> Index: httpd.conf.5
> ===================================================================
> RCS file: /cvs/src/usr.sbin/httpd/httpd.conf.5,v
> retrieving revision 1.108
> diff -u -p -r1.108 httpd.conf.5
> --- httpd.conf.5 9 Feb 2020 09:44:04 -0000 1.108
> +++ httpd.conf.5 25 Feb 2020 11:50:35 -0000
> @@ -217,6 +217,8 @@ The IP address of the connected client.
> The TCP source port of the connected client.
> .It Ic $REMOTE_USER
> The remote user for HTTP authentication.
> +.It Ic $REQUEST_SCHEME
> +The request scheme (http or https).
> .It Ic $REQUEST_URI
> The request path and optional query string.
> .It Ic $SERVER_ADDR
> @@ -774,11 +776,13 @@ directive:
> .Bd -literal -offset indent
> server "example.com" {
> listen on 10.0.0.1 port 80
> - block return 301 "http://www.example.com$REQUEST_URI";
> + listen on 10.0.0.1 tls port 443
> + block return 301 "$REQUEST_SCHEME://www.example.com$REQUEST_URI"
> }
>
> server "www.example.com" {
> listen on 10.0.0.1 port 80
> + listen on 10.0.0.1 tls port 443
> }
> .Ed
> The request can also be rewritten with the
>
--
Kind regards,
Hiltjo
