File: ssl_redirection_infinite_loop.mdwn

ikiwiki-hosting 0.20161219
this is a [[patch]], really, with full description builtin:

<pre>
From 8f16b20818a14f27bb18aa3016d5808dd56082c9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Antoine=20Beaupr=C3=A9?= <anarcat@koumbit.org>
Date: Wed, 18 Nov 2015 23:08:10 -0500
Subject: [PATCH] fix ssl redirections

it seems the previous redirections were not doing anything, or more
precisely, they were looping:

    RewriteRule ^/(.*) <TMPL_VAR URL_ESCAPED> [L,R,NE]

... was generating the following rule:

    RewriteRule ^/(.*)  [L,R,NE]

because url_escaped wasn't passed to the template. but even if it was, it
would still do an infinite redirect loop on itself. what it needs is
https_url_escaped, which wasn't passed either.
---
 ikisite                    | 4 ++++
 templates/apache-site.tmpl | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/ikisite b/ikisite
index 9197ca3..a847c20 100755
--- a/ikisite
+++ b/ikisite
@@ -1621,6 +1621,10 @@ sub enable {
                cgidir => cgidir($hostname),
                logdir => logdir($hostname),
                source_hostname => "source.$hostname",
+               # Value escaped to prevent leakage
+               # into RewriteEngine regexp.
+               url_escaped => quotemeta($redirurl),
+               https_url_escaped => quotemeta($httpsredirurl),
                @ssl_template_vars
        );

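Review bot: url_escaped is added in this hunk, but the apache-site.tmpl hunk of the same patch replaces the only visible use of URL_ESCAPED, and the commit message says that value would loop anyway; unless another part of the template still reads it, drop that line. Separately, the hunk does not show where $redirurl and $httpsredirurl are set: quotemeta of an undefined value gives an empty string, which would render the same empty substitution this patch is fixing, so a check that $httpsredirurl is non-empty before the redirect is enabled would be worth adding.
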
diff --git a/templates/apache-site.tmpl b/templates/apache-site.tmpl
index 58e8697..7823b87 100644
--- a/templates/apache-site.tmpl
+++ b/templates/apache-site.tmpl
@@ -15,7 +15,7 @@

 <TMPL_IF REDIRECT_TO_HTTPS>
        RewriteEngine On
-       RewriteRule ^/(.*) <TMPL_VAR URL_ESCAPED>$1 [L,R,NE]
+       RewriteRule ^/(.*) <TMPL_VAR HTTPS_URL_ESCAPED>$1 [L,R,NE]
 <TMPL_ELSE>
        DocumentRoot <TMPL_VAR DESTDIR>
        <Directory />
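
Review bot: the new RewriteRule line matches every request with no condition, so it stays loop-free only if this TMPL_IF REDIRECT_TO_HTTPS branch is never rendered into the vhost that serves HTTPS; the context lines do not show the enclosing vhost, so either confirm that or guard the rule with a RewriteCond that checks %{HTTPS} is off. The bare R flag also issues a temporary (302) redirect; R=301 would suit a permanent move to HTTPS.
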
--
2.1.4
</pre>

works in production in http://anarc.at/ (encrypted with letsencrypt!). -- [[anarcat]]

> [[applied|done]] --[[Joey]]
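
The failure the commit message describes (a template variable that renders to nothing, or a redirect that points back at the vhost serving it) can be caught by linting the rendered site config before Apache reloads it. This is an added example, not part of the patch or of ikiwiki-hosting; `check_redirects`, `unescape`, the sample renderings and `example.com` are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# "RewriteRule PATTERN [SUBSTITUTION] [FLAGS]"; the substitution is optional
# here so that the broken rendering (variable expanded to nothing) still parses.
RULE = re.compile(r'^\s*RewriteRule\s+(\S+)(?:\s+(?!\[)(\S+))?(?:\s+\[([^\]]*)\])?\s*$')

def unescape(subst):
    """Strip quotemeta-style backslashes, then drop $N backreferences."""
    return re.sub(r'\$\d', '', re.sub(r'\\(.)', r'\1', subst))

def check_redirects(rendered, vhost_scheme, vhost_host):
    """Return [(line_no, problem)] for redirect rules that cannot work."""
    problems = []
    for no, line in enumerate(rendered.splitlines(), 1):
        m = RULE.match(line)
        if not m:
            continue
        _pattern, subst, flags = m.groups()
        names = {f.strip().split('=')[0] for f in (flags or '').split(',')}
        if 'R' not in names:
            continue  # not an external redirect
        if subst is None:
            problems.append((no, 'empty substitution'))
            continue
        target = urlsplit(unescape(subst))
        if (target.scheme, target.hostname) == (vhost_scheme, vhost_host.lower()):
            problems.append((no, 'redirects to its own vhost'))
    return problems

# Constructed renderings of the RewriteRule line for a port-80 vhost.
UNSET = 'RewriteEngine On\nRewriteRule ^/(.*)  [L,R,NE]\n'
SAME = 'RewriteEngine On\nRewriteRule ^/(.*) http\\:\\/\\/example\\.com\\/$1 [L,R,NE]\n'
FIXED = 'RewriteEngine On\nRewriteRule ^/(.*) https\\:\\/\\/example\\.com\\/$1 [L,R,NE]\n'

if __name__ == '__main__':
    for name, conf in (('unset', UNSET), ('same', SAME), ('fixed', FIXED)):
        print(name, check_redirects(conf, 'http', 'example.com'))
```
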