[mod_extforward] save proto per connection

Even though request headers are per-request, update the proto on the
connection level for trusted (proxy) clients.  Note: the proxy must use
each connection only for a single connection from a single client
(typically true in practice), and not for multiple clients.

proto was previously saved on connection level for mod_extforward with
HAProxy PROXY protocol, but did not occur with X-Forwarded-Proto or the
Forwarded request header with proto=...

Before this change, modules which returned HANDLER_COMEBACK could lose
HTTPS=on if the resulting request was for a backend such as mod_fastcgi.
This was reported in mod_rewrite, but could also affect mod_magnet if
MAGNET_RESTART_REQUEST, or mod_cgi with cgi.local-redir = "enable"

  "FastCGI behavior different when using rewrite?"
Glenn Strauss 2 years ago
parent b600b75f20
commit 0c7d250034

@ -606,9 +606,11 @@ static void mod_extforward_set_proto(request_st * const r, const char * const pr
http_header_env_set(r, CONST_STR_LEN("_L_EXTFORWARD_ACTUAL_PROTO"), CONST_BUF_LEN(&r->uri.scheme));
if (buffer_eq_icase_ss(proto, protolen, CONST_STR_LEN("https"))) {
r->con->proto_default_port = 443; /* "https" */
buffer_copy_string_len(&r->uri.scheme, CONST_STR_LEN("https"));
config_cond_cache_reset_item(r, COMP_HTTP_SCHEME);
} else if (buffer_eq_icase_ss(proto, protolen, CONST_STR_LEN("http"))) {
r->con->proto_default_port = 80; /* "http" */
buffer_copy_string_len(&r->uri.scheme, CONST_STR_LEN("http"));
config_cond_cache_reset_item(r, COMP_HTTP_SCHEME);
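Review bot: The two assignments to r->con->proto_default_port store a value taken from a request header on the connection, so it outlives the request that carried it, yet nothing in the code records the precondition from the commit message that a trusted proxy uses each connection for only one client. Suggest a short comment at the first assignment stating that assumption. These lines also save the original scheme into _L_EXTFORWARD_ACTUAL_PROTO, but nothing visible here saves the original proto_default_port, so it is worth confirming that a later request on the same connection that carries no proto header ends up with the intended port.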
@ -942,11 +944,9 @@ static handler_t mod_extforward_Forwarded (request_st * const r, plugin_data * c
buffer_copy_string_len(r->http_host, s+v, vlen-v);
int scheme_port =
buffer_eq_slen(&r->uri.scheme,CONST_STR_LEN("https")) ? 443 : 80;
if (0 != http_request_host_policy(r->http_host,
scheme_port)) {
r->con->proto_default_port)) {
/*(reject invalid chars in Host)*/
log_error(r->conf.errh, __FILE__, __LINE__,
"invalid host= value in Forwarded header");