Bug 120096 - mod_ssl environment variables not available in mod_rewrite rules
mod_ssl environment variables not available in mod_rewrite rules
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: httpd (Show other bugs)
i686 Linux
high Severity high
: ---
: ---
Assigned To: Joe Orton
Depends On:
Blocks: 116727
  Show dependency treegraph
Reported: 2004-04-05 18:47 EDT by Dustin Mollo
Modified: 2007-11-30 17:07 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2004-08-17 23:09:46 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
patch for httpd.conf (489 bytes, patch)
2004-04-05 18:47 EDT, Dustin Mollo
no flags Details | Diff
patch for ssl.conf (588 bytes, patch)
2004-04-05 18:48 EDT, Dustin Mollo
no flags Details | Diff

  None (edit)
Description Dustin Mollo 2004-04-05 18:47:12 EDT
Description of problem:

SSL environment variables are not accessable in mod_rewrite rules.

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:

1. edit httpd.conf as per attached diff.
2. edit /etc/httpd/conf.d/ssl.conf as per attached diff.
3. service httpd restart
4. try accessing http://your-server.com/
Actual results:

firefox (and any other browser you point) gets stuck in an infinite
redirect because the variable is never getting set.

Expected results:

you should simply end up at https://your-server.com/

Additional info:

this rewrite rule *should* work as per the httpd.conf snippet at:

i've tried using HTTPS, SSL:HTTPS, SSL_HTTPS and ENV:HTTPS as
variables to test to see if HTTPS is being used for the connection and
all produce the recursive redirect problem.  there is a relavent
thread on the apache development list:

i wasn't sure if they were suggesting that all of the above methods
i've tried are currently broken, or if the SSL:XXX version should work
and the others don't.  either way, it seems this is a big problem with
redhat's shipped version of apache.
Comment 1 Dustin Mollo 2004-04-05 18:47:53 EDT
Created attachment 99127 [details]
patch for httpd.conf
Comment 2 Dustin Mollo 2004-04-05 18:48:20 EDT
Created attachment 99128 [details]
patch for ssl.conf
Comment 3 Joe Orton 2004-04-06 03:59:41 EDT
Thanks for the report.  The configuration which does currently work is:

RewriteCond %{LA-U:ENV:HTTPS} !=on

For a future update we are planning to restore support for %{HTTPS}
and add support for the new fast %{SSL:...} variable lookup.
Comment 4 Joe Orton 2004-06-24 17:41:56 EDT
As above, for the next mod_rewrite has been extended to support:

  RewriteCond %{SSL:...} ...

for direct SSL variable lookup, along with restored support for
%{HTTPS}.  "SSLOptions +StdEnvVars" is not required for these
expansions to work.

Test packages are available at:

Comment 5 Jay Turner 2004-08-17 23:09:46 EDT
Fix confirmed with httpd-2.0.46-32.ent.  Closing out.
Comment 6 Josh Bressers 2004-09-01 14:55:40 EDT
An errata has been issued which should help the problem 
described in this bug report. This report is therefore being 
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files, 
please follow the link below. You may reopen this bug report 
if the solution does not work for you.


Note You need to log in before you can comment on or make changes to this bug.