Univention Bugzilla – Bug 45449
Apache force_https exclude does not support patterns
Last modified: 2017-09-28 15:56:45 CEST
Since Bug #44628 we support UCR variables to make exceptions for the "force https" rule. The exceptions currently compare the URL lexicographically inequal. We should change this so that a regex pattern is accepted. We need this e.g. for the letsencrypt app, which needs to allow ^/.well-known/acme-challenge/.*.
univention-apache (9.0.5-13): dd653b05077d | Bug #45449: use regex patterns for force https exclusion rules univention-apache.yaml: 1b7a972c1caa | YAML Bug #45449
OK: code OK: advisory (improved wording: a0bccdc..6b51f7c) OK: manual test: ucr set apache2/force_https=yes apache2/force_https/exclude/request_uri/test1="/test1/a" apache2/force_https/exclude/request_uri/test2="/test1/b/$" /test1 doesn't exist, so 404 will happen. But if not excluded requests will first be redirected (301). wget --no-check-certificate http://10.200.3.52/test1/ -> 301 wget --no-check-certificate http://10.200.3.52/test1/abc/ -> 404 wget --no-check-certificate http://10.200.3.52/test1/b/ -> 404 wget --no-check-certificate http://10.200.3.52/test1/bc -> 301
<http://errata.software-univention.de/ucs/4.2/187.html>