Bug 488939 - mod_rewrite+mod_ssl+SSLVerifyClient = no POST variables
mod_rewrite+mod_ssl+SSLVerifyClient = no POST variables
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: httpd (Show other bugs)
4.8
All Linux
low Severity medium
: rc
: ---
Assigned To: Joe Orton
BaseOS QE
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2009-03-06 05:51 EST by Joe Orton
Modified: 2011-02-16 08:58 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Cause: Consequence: Fix: Result:
Story Points: ---
Clone Of: 488886
Environment:
Last Closed: 2011-02-16 08:58:02 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Joe Orton 2009-03-06 05:51:05 EST
+++ This bug was initially created as a clone of Bug #488886 +++

Description of problem:
If SSLClientVerify for a <directory> is configured, such as:
<Directory "/var/www/html/site">
  SSLVerifyClient require
  SSLVerifyDepth  10
</Directory>

And mod rewrite is configured for this site: (via .htaccess in before mentioned
directory)

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !=/favicon.ico
RewriteRule ^(.*)$ index.php?q=$1 [L,QSA]

Submitting a POST with variables defined do NOT show up on the script/php side.
 Disabling mod_rewrite or SSLVerifyClient for the path will cause POST
variables to be defined.

Version-Release number of selected component (if applicable):


How reproducible:
every time

Steps to Reproduce:
1. setup an https server with a certificate bundle and turn on sslVerifyClient
2. install a client certificate in your browser
3. setup mod rewrite rules
4. load any page, and try to submit POST variables.  phpinfo() will show no $_POST is defined.
  
Actual results:
no $_POST variables in php land with this configuration

Expected results:
need those $_POST variables

Additional info:

--- Additional comment from jorton@redhat.com on 2009-03-06 05:39:07 EDT ---

Ah, this is a known bug in the mod_ssl per-dir-reneg code; I fixed it upstream a while back.  Thanks for the report.

--- Additional comment from jorton@redhat.com on 2009-03-06 05:40:39 EDT ---

Fixed upstream by: http://svn.apache.org/viewvc?rev=591393&view=rev
Comment 5 Florian Nadge 2011-01-13 08:20:06 EST
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Cause:

Consequence:

Fix:

Result:
Comment 6 Florian Nadge 2011-01-13 08:20:40 EST
Please be so kind and add a few key words to the technical note of this
bugzilla entry using the following structure:

Cause:

Consequence:

Fix:

Result:

Thanks
Comment 7 errata-xmlrpc 2011-02-16 08:58:02 EST
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2011-0237.html

Note You need to log in before you can comment on or make changes to this bug.