Bug 40173 - Redirect from http://$SERVER/server-status to https does not work
Redirect from http://$SERVER/server-status to https does not work
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: SSL
UCS 4.0
Other Linux
: P5 normal (vote)
: UCS 4.1-0-errata
Assigned To: Florian Best
Daniel Tröder
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2015-12-04 10:04 CET by Nico Gulden
Modified: 2016-01-13 13:10 CET (History)
3 users (show)

See Also:
What kind of report is it?: ---
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Ticket number:
Bug group (optional):
Max CVSS v3 score:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Nico Gulden univentionstaff 2015-12-04 10:04:34 CET
Reported with Ticket#2015120221000246

Since UCS 4.0-3 HTTPS can be enforced on UCS:
ucr set apache2/force_https=true

Side effect: Munin plugins or direct calls to http://$SERVER/server-status receive a HTTP-302. The plugins cannot deal with the redirect.

The user suggests to change the /etc/univention/templates/files/etc/apache2/mods-available/ssl.conf template and add a check that does not enforce SSL if the URL includes /server-status.

A suggested patch is attached to the above mentioned ticket.
Comment 1 Florian Best univentionstaff 2015-12-09 18:17:28 CET
Should be fixed together with the patch at Bug #40121.
Comment 2 Florian Best univentionstaff 2016-01-04 13:51:06 CET
univention-apache (8.0.1-3):
r66559 | Bug #40121: Bug #40173: fix HTTP status when redirecting to HTTPS

univention-apache.yaml:
r66562 | YAML Bug #40121 Bug #40173
Comment 3 Daniel Tröder univentionstaff 2016-01-12 12:47:21 CET
OK: Code
OK: advisory
OK: manual test:
# ucr set apache2/force_https=true
# wget --no-check-certificate http://10.200.3.22/server-status
--2016-01-12 12:38:37--  http://10.200.3.22/server-status
Verbindungsaufbau zu 10.200.3.22:80... verbunden.
HTTP-Anforderung gesendet, warte auf Antwort... 200 OK

→ not redirected
Comment 4 Janek Walkenhorst univentionstaff 2016-01-13 13:10:49 CET
<http://errata.software-univention.de/ucs/4.1/48.html>