From 1e02c6554be19d9ee547660c4e20eab24a030779 Mon Sep 17 00:00:00 2001 From: Bill Erickson Date: Fri, 24 Feb 2017 17:09:17 -0500 Subject: [PATCH] LP#1648234 Apache redirects to standard ports Certain Apache redirects now send the browser to standard 80/443 ports instead of defaulting to the internally configured Apache ports, which may be non-standard, particularly in a proxied environment. Leaking the non-standard ports to the browser causes the browser to bypass the proxy and could cause the browser to request inaccessible pages. Paths affected by this patch: / /eg/staff /opac/extras/slimpac/start.html /opac/extras/slimpac/advanced.html /opac/extras/slimpac/.*?locale=.* To test: 1. Configure Apache to use non-standard ports for port 80/443 (e.g. 7080 and 7443). 2. Confirm the issue by navigating to http://HOST/ 3. This should redirect to http://HOST:7080/eg/opac/home 4. Apply the Apache config changes and reload/restart Apache. 5. Clear the browser cache to reset any redirects 6. Navigate to http://HOST/ 7. Confirm it redirects the browser to http://HOST/eg/opac/home Signed-off-by: Bill Erickson Signed-off-by: Ben Shum Signed-off-by: Galen Charlton --- Open-ILS/examples/apache/eg_vhost.conf.in | 10 +++++----- Open-ILS/examples/apache_24/eg_vhost.conf.in | 10 +++++----- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/Open-ILS/examples/apache/eg_vhost.conf.in b/Open-ILS/examples/apache/eg_vhost.conf.in index 8800c81a4a..576f454d55 100644 --- a/Open-ILS/examples/apache/eg_vhost.conf.in +++ b/Open-ILS/examples/apache/eg_vhost.conf.in 
@@ -6,12 +6,12 @@
 # ----------------------------------------------------------------------------------
 # Point / to the opac - if you have a custom skin or locale, point at it here
 # ----------------------------------------------------------------------------------
-RedirectMatch 301 ^/$ /eg/opac/home
+RewriteRule ^/$ %{REQUEST_SCHEME}://%{HTTP_HOST}/eg/opac/home [R=301,L]
 # ----------------------------------------------------------------------------------
 # Redirect staff to the correct URL if they forget to include the final /
 # ----------------------------------------------------------------------------------
-RedirectMatch 301 ^/eg/staff$ /eg/staff/
+RewriteRule ^/eg/staff$ https://%{HTTP_HOST}/eg/staff/ [R=301,L]
 # ----------------------------------------------------------------------------------
 # Point / to the IP address redirector
@@ -34,8 +34,8 @@ RedirectMatch 301 ^/eg/staff$ /eg/staff/
 # ----------------------------------------------------------------------------------
 # Assign a default locale to the accessible OPAC
 # ----------------------------------------------------------------------------------
-RedirectMatch 301 ^/opac/extras/slimpac/start.html$ /opac/en-US/extras/slimpac/start.html
-RedirectMatch 301 ^/opac/extras/slimpac/advanced.html$ /opac/en-US/extras/slimpac/advanced.html
+RewriteRule ^/opac/extras/slimpac/start.html$ %{REQUEST_SCHEME}://%{HTTP_HOST}/opac/en-US/extras/slimpac/start.html [R=301,L]
+RewriteRule ^/opac/extras/slimpac/advanced.html$ %{REQUEST_SCHEME}://%{HTTP_HOST}/opac/en-US/extras/slimpac/advanced.html [R=301,L]
 # ----------------------------------------------------------------------------------
 # Configure the gateway and translator
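Review bot: The new `^/$` rule builds its redirect target from `%{HTTP_HOST}`, which is the client-supplied Host header, so the 301 echoes whatever host (and port, if one was sent) the request carried. If this vhost can be reached with an arbitrary Host value, for instance as the default vhost, a cacheable permanent redirect can point at a name the site does not own; the same substitution appears in the `/eg/staff`, slimpac and locale rules in both files. Consider using a configured canonical name instead, e.g. `%{SERVER_NAME}` with `UseCanonicalName On`, or put a `RewriteCond %{HTTP_HOST}` allow-list ahead of these rules. These rules also presumably rely on `RewriteEngine On` being set in this scope, which the hunk does not show.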
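Review bot: `%{REQUEST_SCHEME}` in the two slimpac rules (and in the `^/$` and locale rules) is the scheme of the connection Apache itself received, so behind a TLS-terminating proxy that forwards plain HTTP these 301s would send an HTTPS client to `http://`. That is the proxied deployment the commit message targets, so a comment above the rules should state that the proxy must speak the same scheme to Apache, or the scheme should be derived from a forwarded header set by the trusted proxy. Separately, `REQUEST_SCHEME` is an Apache 2.4 variable; if `examples/apache/` is the 2.2 configuration, that copy likely needs `RewriteCond %{HTTPS}`-based rules instead.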
@@ -284,7 +284,7 @@ Options -Indexes RewriteCond %{QUERY_STRING} locale=([^&]*) -RewriteRule ^/opac/[a-z]{2}-[A-Z]{2}/extras/slimpac/(.*)$ /opac/%1/extras/slimpac/$1? [redirect] +RewriteRule ^/opac/[a-z]{2}-[A-Z]{2}/extras/slimpac/(.*)$ %{REQUEST_SCHEME}://%{HTTP_HOST}/opac/%1/extras/slimpac/$1? [redirect] AddOutputFilter INCLUDES;XMLENT .html diff --git a/Open-ILS/examples/apache_24/eg_vhost.conf.in b/Open-ILS/examples/apache_24/eg_vhost.conf.in index 45ac27f550..48c6ef0b5d 100644 --- a/Open-ILS/examples/apache_24/eg_vhost.conf.in +++ b/Open-ILS/examples/apache_24/eg_vhost.conf.in @@ -6,12 +6,12 @@ # ---------------------------------------------------------------------------------- # Point / to the opac - if you have a custom skin or locale, point at it here # ---------------------------------------------------------------------------------- -RedirectMatch 301 ^/$ /eg/opac/home +RewriteRule ^/$ %{REQUEST_SCHEME}://%{HTTP_HOST}/eg/opac/home [R=301,L] # ---------------------------------------------------------------------------------- # Redirect staff to the correct URL if they forget to include the final / # ---------------------------------------------------------------------------------- -RedirectMatch 301 ^/eg/staff$ /eg/staff/ +RewriteRule ^/eg/staff$ https://%{HTTP_HOST}/eg/staff/ [R=301,L] # ---------------------------------------------------------------------------------- # Point / to the IP address redirector 
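Review bot: The locale that ends up in the redirect path comes from `RewriteCond %{QUERY_STRING} locale=([^&]*)`, which accepts any characters, while the rule's own pattern restricts the path locale to `[a-z]{2}-[A-Z]{2}`. If all supported locales have that form, tightening the condition to `RewriteCond %{QUERY_STRING} (?:^|&)locale=([a-z]{2}-[A-Z]{2})(?:&|$)` keeps unexpected values out of the now-absolute Location header; the matching rule in `apache_24/eg_vhost.conf.in` has the same condition. This rule also keeps a bare `[redirect]` (a 302 with no `L`) while the other rewritten rules use `[R=301,L]`, which may be intentional but deserves a one-line comment. The container directives around this rule are not visible in the hunk.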
@@ -34,8 +34,8 @@ RedirectMatch 301 ^/eg/staff$ /eg/staff/ # ---------------------------------------------------------------------------------- # Assign a default locale to the accessible OPAC # ---------------------------------------------------------------------------------- -RedirectMatch 301 ^/opac/extras/slimpac/start.html$ /opac/en-US/extras/slimpac/start.html -RedirectMatch 301 ^/opac/extras/slimpac/advanced.html$ /opac/en-US/extras/slimpac/advanced.html +RewriteRule ^/opac/extras/slimpac/start.html$ %{REQUEST_SCHEME}://%{HTTP_HOST}/opac/en-US/extras/slimpac/start.html [R=301,L] +RewriteRule ^/opac/extras/slimpac/advanced.html$ %{REQUEST_SCHEME}://%{HTTP_HOST}/opac/en-US/extras/slimpac/advanced.html [R=301,L] # ---------------------------------------------------------------------------------- # Configure the gateway and translator @@ -285,7 +285,7 @@ Options -Indexes RewriteCond %{QUERY_STRING} locale=([^&]*) -RewriteRule ^/opac/[a-z]{2}-[A-Z]{2}/extras/slimpac/(.*)$ /opac/%1/extras/slimpac/$1? [redirect] +RewriteRule ^/opac/[a-z]{2}-[A-Z]{2}/extras/slimpac/(.*)$ %{REQUEST_SCHEME}://%{HTTP_HOST}/opac/%1/extras/slimpac/$1? [redirect] AddOutputFilter INCLUDES;XMLENT .html -- 2.43.2