Thank you for the information and fix, Mark. On Fri, Feb 7, 2020 at 12:31 AM Mark Thomas <ma...@apache.org> wrote:
> On 06/02/2020 23:00, Mark Thomas wrote: > > The issue appears to be that the following RewriteCond does not match > > when the request is served over HTTP/2 (with TLS) but it does if the > > request is served over HTTP/1.1 with TLS. > > > > RewriteCond %{HTTP_HOST} localhost > > > > (Note the RewriteCond quoted at the start of this thread is invalid) > > > > I'm wondering if this is related to the thread about > > HttpServletRequest.getRemoteAddr() returning null at the start of a > > request. It looks as if the request information may be being populated > > too late. > > Nope. Unrelated. > > The root cause here is that the RewriteCond is looking for an HTTP Host > header but HTTP/2 does not have any such header. > > HTTP/2 has the pseudo-header ":authority" that replaces the Host header. > While you could argue that a strict interpretation of the mod_rewrite > docs (since the rewrite valve aims to emulate a sub-set of mod_rewrite > behaviour) means that "host" != ":authority" I think the reasonable > thing to do in this instance is to look at the ":authority" value if the > request is using HTTP/2. I'll work on a patch. > > Mark > >