author | Stuart Henderson <sthen@cvs.openbsd.org> | 2020-02-25 15:18:42 +0000 |
---|---|---|
committer | Stuart Henderson <sthen@cvs.openbsd.org> | 2020-02-25 15:18:42 +0000 |
commit | 68a3ec791163ff933bfa9e467a3137012f8b87d6 | |
tree | ad0c5428dda9a32bc3022e65e5bc76a066fe8c87 | |
parent | 500adea7525ece056b5f4e70fda5ea7891c3f9d7 | |

httpd: allow $REQUEST_SCHEME in redirect targets, ok jung@ florian@

Sometimes you want to redirect a request to another site but maintaining
the same type of connection (http or https) as the original request.
Allow a $REQUEST_SCHEME variable to be used in redirect locations to
allow this, e.g.

    location "/cgi-bin/foobar*" { block return 302 "$REQUEST_SCHEME://foobar.example.org$REQUEST_URI" }

-rw-r--r-- | usr.sbin/httpd/httpd.conf.5 | 10 |
-rw-r--r-- | usr.sbin/httpd/server_http.c | 11 |

2 files changed, 17 insertions, 4 deletions

diff --git a/usr.sbin/httpd/httpd.conf.5 b/usr.sbin/httpd/httpd.conf.5 index 174e12be7ab..a9f3fec07c3 100644 --- a/usr.sbin/httpd/httpd.conf.5 +++ b/usr.sbin/httpd/httpd.conf.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: httpd.conf.5,v 1.108 2020/02/09 09:44:04 florian Exp $ +.\" $OpenBSD: httpd.conf.5,v 1.109 2020/02/25 15:18:41 sthen Exp $ .\" .\" Copyright (c) 2014, 2015 Reyk Floeter <reyk@openbsd.org> .\" @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: February 9 2020 $ +.Dd $Mdocdate: February 25 2020 $ .Dt HTTPD.CONF 5 .Os .Sh NAME @@ -217,6 +217,8 @@ The IP address of the connected client. The TCP source port of the connected client. .It Ic $REMOTE_USER The remote user for HTTP authentication. +.It Ic $REQUEST_SCHEME +The request scheme (http or https). .It Ic $REQUEST_URI The request path and optional query string. .It Ic $SERVER_ADDR @@ -774,11 +776,13 @@ directive: .Bd -literal -offset indent server "example.com" { listen on 10.0.0.1 port 80 - block return 301 "http://www.example.com$REQUEST_URI" + listen on 10.0.0.1 tls port 443 + block return 301 "$REQUEST_SCHEME://www.example.com$REQUEST_URI" } server "www.example.com" { listen on 10.0.0.1 port 80 + listen on 10.0.0.1 tls port 443 } .Ed The request can also be rewritten with the diff --git a/usr.sbin/httpd/server_http.c b/usr.sbin/httpd/server_http.c index 4a46f6b44ba..d01c1eab93f 100644 --- a/usr.sbin/httpd/server_http.c +++ b/usr.sbin/httpd/server_http.c @@ -1,4 +1,4 @@ -/* $OpenBSD: server_http.c,v 1.136 2020/01/14 20:48:57 benno Exp $ */ +/* $OpenBSD: server_http.c,v 1.137 2020/02/25 15:18:41 sthen Exp $ */ /* * Copyright (c) 2006 - 2018 Reyk Floeter <reyk@openbsd.org> 
@@ -1148,6 +1148,15 @@ server_expand_http(struct client *clt, const char *val, char *buf, if (ret != 0) return (NULL); } + if (strstr(val, "$REQUEST_SCHEME") != NULL) { + if (srv_conf->flags & SRVFLAG_TLS) { + ret = expand_string(buf, len, "$REQUEST_SCHEME", "https"); + } else { + ret = expand_string(buf, len, "$REQUEST_SCHEME", "http"); + } + if (ret != 0) + return (NULL); + } if (strstr(val, "$SERVER_") != NULL) { if (strstr(val, "$SERVER_ADDR") != NULL) { if (print_host(&srv_conf->ss, |
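
Review bot: In the httpd.conf.5 hunk at -217, the new entry "The request scheme (http or https)." does not say where the value comes from. The server_http.c change selects it from the SRVFLAG_TLS bit of the server configuration and only ever substitutes one of two fixed literals, so the text could say that it is "https" when the server configuration has tls enabled and "http" otherwise. That tells an administrator that the variable reflects local configuration and is not taken from anything the client sends, which matters when it ends up in a redirect Location.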
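
Review bot: In the server_http.c hunk at -1148, the scheme is chosen from `srv_conf->flags & SRVFLAG_TLS`, a configuration flag, while the updated man page example places a plain `listen on 10.0.0.1 port 80` and a `listen on 10.0.0.1 tls port 443` in the same server block. A short comment stating that srv_conf here is the configuration belonging to the listener that accepted this connection, if that is the case, would make the correctness of the test visible; otherwise a request on port 80 of such a block could be redirected with the wrong scheme. As a style point, the two branches differ only in the replacement literal, so assigning "https" or "http" to a `const char *` and calling expand_string() once would remove the braces around single statements and shorten the lines.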