Re: Respect X-Forwarded-Proto in httpd

2021-04-29 Thread Dave Voutila
Vincent Lee writes: > I wasn't aware relative redirects were a thing now! In that case, > I think this is a better solution than reading X-Forwarded-Proto. > Thanks for the discussion! Committed with OK claudio@ off-list. Thanks for pointing this out, Vincent. -dv

Re: Respect X-Forwarded-Proto in httpd

2021-04-28 Thread Vincent Lee
Dave Voutila writes: > Claudio Jeker writes: > >> On Wed, Apr 28, 2021 at 09:55:16AM -0400, Dave Voutila wrote: >>> >>> Claudio Jeker writes: >>> >>> > On Wed, Apr 28, 2021 at 08:18:47AM -0400, Dave Voutila wrote: >>> >> >>> >> Claudio Jeker writes: >>> >> >>> >> > Another thing to consider is t

Re: Respect X-Forwarded-Proto in httpd

2021-04-28 Thread Dave Voutila
Claudio Jeker writes: > On Wed, Apr 28, 2021 at 09:55:16AM -0400, Dave Voutila wrote: >> >> Claudio Jeker writes: >> >> > On Wed, Apr 28, 2021 at 08:18:47AM -0400, Dave Voutila wrote: >> >> >> >> Claudio Jeker writes: >> >> >> >> > Another thing to consider is that X-Forwarded headers should onl

Re: Respect X-Forwarded-Proto in httpd

2021-04-28 Thread Claudio Jeker
On Wed, Apr 28, 2021 at 09:55:16AM -0400, Dave Voutila wrote: > > Claudio Jeker writes: > > > On Wed, Apr 28, 2021 at 08:18:47AM -0400, Dave Voutila wrote: > >> > >> Claudio Jeker writes: > >> > >> > Another thing to consider is that X-Forwarded headers should only be > >> > accepted from trusted

Re: Respect X-Forwarded-Proto in httpd

2021-04-28 Thread Dave Voutila
Claudio Jeker writes: > On Wed, Apr 28, 2021 at 08:18:47AM -0400, Dave Voutila wrote: >> >> Claudio Jeker writes: >> >> > Another thing to consider is that X-Forwarded headers should only be >> > accepted from trusted sources. I don't think this particular usage of >> > X-Forwarded-Proto is prob

Re: Respect X-Forwarded-Proto in httpd

2021-04-28 Thread Claudio Jeker
On Wed, Apr 28, 2021 at 08:18:47AM -0400, Dave Voutila wrote: > > Claudio Jeker writes: > > > Another thing to consider is that X-Forwarded headers should only be > > accepted from trusted sources. I don't think this particular usage of > > X-Forwarded-Proto is probelmatic. In the end for this pa

Re: Respect X-Forwarded-Proto in httpd

2021-04-28 Thread Dave Voutila
Claudio Jeker writes: > Another thing to consider is that X-Forwarded headers should only be > accepted from trusted sources. I don't think this particular usage of > X-Forwarded-Proto is probelmatic. In the end for this particular case of > redirect using a relative URL seems to be a better cho

Re: Respect X-Forwarded-Proto in httpd

2021-04-28 Thread Claudio Jeker
On Tue, Apr 27, 2021 at 04:34:18PM -0400, Dave Voutila wrote: > > Stuart Henderson writes: > > > On 2021/04/27 10:40, Vincent Lee wrote: > >> > >> Hi all, > >> > >> Consider the following situation. A reverse proxy which performs TLS > >> termination is deployed in front of httpd, which listens u

Re: Respect X-Forwarded-Proto in httpd

2021-04-27 Thread Raymond E. Pasco
On Tue Apr 27, 2021 at 4:55 PM EDT, Stuart Henderson wrote: > It's the other way round, this (or proto= in the newer standardised > Forwarded header) would be set by a reverse proxy to indicate the > protocol that the client request came in on so that something running on > the webserver could reac

Re: Respect X-Forwarded-Proto in httpd

2021-04-27 Thread Stuart Henderson
On 2021/04/27 16:23, Raymond E. Pasco wrote: > On Tue Apr 27, 2021 at 3:40 PM EDT, Stuart Henderson wrote: > > How does this work with other web servers? For example, I don't see the > > string X-Forwarded-Proto in nginx or Apache httpd (and the use of other > > X-Forwarded headers in them are only

Re: Respect X-Forwarded-Proto in httpd

2021-04-27 Thread Raymond E. Pasco
On Tue Apr 27, 2021 at 3:40 PM EDT, Stuart Henderson wrote: > How does this work with other web servers? For example, I don't see the > string X-Forwarded-Proto in nginx or Apache httpd (and the use of other > X-Forwarded headers in them are only for adding to requests when running > as a proxy its

Re: Respect X-Forwarded-Proto in httpd

2021-04-27 Thread Dave Voutila
Stuart Henderson writes: > On 2021/04/27 10:40, Vincent Lee wrote: >> >> Hi all, >> >> Consider the following situation. A reverse proxy which performs TLS >> termination is deployed in front of httpd, which listens unencrypted on >> localhost. >> >> There is code in httpd to handle the case wh

Re: Respect X-Forwarded-Proto in httpd

2021-04-27 Thread Stuart Henderson
On 2021/04/27 10:40, Vincent Lee wrote: > > Hi all, > > Consider the following situation. A reverse proxy which performs TLS > termination is deployed in front of httpd, which listens unencrypted on > localhost. > > There is code in httpd to handle the case where a directory is accessed, > but

Re: Respect X-Forwarded-Proto in httpd

2021-04-27 Thread Dave Voutila
Vincent Lee writes: > Hi all, > > Consider the following situation. A reverse proxy which performs TLS > termination is deployed in front of httpd, which listens unencrypted on > localhost. > > There is code in httpd to handle the case where a directory is accessed, > but the path named does no

Respect X-Forwarded-Proto in httpd

2021-04-27 Thread Vincent Lee
Hi all, Consider the following situation. A reverse proxy which performs TLS termination is deployed in front of httpd, which listens unencrypted on localhost. There is code in httpd to handle the case where a directory is accessed, but the path named does not end with a slash. In this case, h