Thank you for the information and fix, Mark.
On Fri, Feb 7, 2020 at 12:31 AM Mark Thomas <ma...@apache.org> wrote:
> On 06/02/2020 23:00, Mark Thomas wrote:
> > The issue appears to be that the following RewriteCond does not match
> > when the request is served over HTTP/2 (with TLS) but it does if the
> > request is served over HTTP/1.1 with TLS.
> >
> > RewriteCond %{HTTP_HOST} localhost
> >
> > (Note the RewriteCond quoted at the start of this thread is invalid)
> >
> > I'm wondering if this is related to the thread about
> > HttpServletRequest.getRemoteAddr() returning null at the start of a
> > request. It looks as if the request information may be being populated
> > too late.
>
> Nope. Unrelated.
>
> The root cause here is that the RewriteCond is looking for an HTTP Host
> header but HTTP/2 does not have any such header.
>
> HTTP/2 has the pseudo-header ":authority" that replaces the Host header.
> While you could argue that a strict interpretation of the mod_rewrite
> docs (since the rewrite valve aims to emulate a sub-set of mod_rewrite
> behaviour) means that "host" != ":authority" I think the reasonable
> thing to do in this instance is to look at the ":authority" value if the
> request is using HTTP/2. I'll work on a patch.
>
> Mark
>
>
