Bug 120096 - mod_ssl environment variables not available in mod_rewrite rules
Summary: mod_ssl environment variables not available in mod_rewrite rules
Alias: None
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: httpd   
(Show other bugs)
Version: 3.0
Hardware: i686
OS: Linux
Target Milestone: ---
Assignee: Joe Orton
QA Contact:
Depends On:
Blocks: 116727
TreeView+ depends on / blocked
Reported: 2004-04-05 22:47 UTC by Dustin Mollo
Modified: 2007-11-30 22:07 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2004-08-18 03:09:46 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
patch for httpd.conf (489 bytes, patch)
2004-04-05 22:47 UTC, Dustin Mollo
no flags Details | Diff
patch for ssl.conf (588 bytes, patch)
2004-04-05 22:48 UTC, Dustin Mollo
no flags Details | Diff

External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2004:349 normal SHIPPED_LIVE Important: httpd security update 2004-09-01 04:00:00 UTC

Description Dustin Mollo 2004-04-05 22:47:12 UTC
Description of problem:

SSL environment variables are not accessable in mod_rewrite rules.

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:

1. edit httpd.conf as per attached diff.
2. edit /etc/httpd/conf.d/ssl.conf as per attached diff.
3. service httpd restart
4. try accessing http://your-server.com/
Actual results:

firefox (and any other browser you point) gets stuck in an infinite
redirect because the variable is never getting set.

Expected results:

you should simply end up at https://your-server.com/

Additional info:

this rewrite rule *should* work as per the httpd.conf snippet at:

i've tried using HTTPS, SSL:HTTPS, SSL_HTTPS and ENV:HTTPS as
variables to test to see if HTTPS is being used for the connection and
all produce the recursive redirect problem.  there is a relavent
thread on the apache development list:

i wasn't sure if they were suggesting that all of the above methods
i've tried are currently broken, or if the SSL:XXX version should work
and the others don't.  either way, it seems this is a big problem with
redhat's shipped version of apache.

Comment 1 Dustin Mollo 2004-04-05 22:47:53 UTC
Created attachment 99127 [details]
patch for httpd.conf

Comment 2 Dustin Mollo 2004-04-05 22:48:20 UTC
Created attachment 99128 [details]
patch for ssl.conf

Comment 3 Joe Orton 2004-04-06 07:59:41 UTC
Thanks for the report.  The configuration which does currently work is:

RewriteCond %{LA-U:ENV:HTTPS} !=on

For a future update we are planning to restore support for %{HTTPS}
and add support for the new fast %{SSL:...} variable lookup.

Comment 4 Joe Orton 2004-06-24 21:41:56 UTC
As above, for the next mod_rewrite has been extended to support:

  RewriteCond %{SSL:...} ...

for direct SSL variable lookup, along with restored support for
%{HTTPS}.  "SSLOptions +StdEnvVars" is not required for these
expansions to work.

Test packages are available at:


Comment 5 Jay Turner 2004-08-18 03:09:46 UTC
Fix confirmed with httpd-2.0.46-32.ent.  Closing out.

Comment 6 Josh Bressers 2004-09-01 18:55:40 UTC
An errata has been issued which should help the problem 
described in this bug report. This report is therefore being 
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files, 
please follow the link below. You may reopen this bug report 
if the solution does not work for you.


Note You need to log in before you can comment on or make changes to this bug.