First Last Prev Next    This bug is not in your last search results.
Bug 47071 - Apache does not pass HTTPS in the request header when mod_proxy proxies to HTTP
Apache does not pass HTTPS in the request header when mod_proxy proxies to HTTP
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Apache
UCS 4.2
Other Linux
: P5 normal (vote)
: UCS 4.2-4-errata
Assigned To: Dirk Wiesenthal
Felix Botner
:
Depends on: 44921
Blocks:
  Show dependency treegraph
 
Reported: 2018-05-24 15:33 CEST by Sönke Schwardt-Krummrich
Modified: 2018-06-13 14:06 CEST (History)
4 users (show)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 6: Setup Problem: Issue for the setup process
Who will be affected by this bug?: 2: Will only affect a few installed domains
How will those affected feel about the bug?: 3: A User would likely not purchase the product
User Pain: 0.206
Enterprise Customer affected?:
School Customer affected?: Yes
ISV affected?: Yes
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Sönke Schwardt-Krummrich univentionstaff 2018-05-24 15:33:45 CEST 
As stated in bug 44921c2:

> We will need a backport
In this case, UCS 4.2 was meant.

+++ This bug was initially created as a clone of Bug #44921 +++

The App Center allows to pass HTTPS requests to the container. Apache may use HTTP for that proxy connection.

In this case the information that the connection once was HTTPS is not passed through. This may lead to redirects that explicitly tell the browser use HTTP.

We should use
RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
RequestHeader set "X-Forwarded-SSL" expr=%{HTTPS}

is out sites.
Comment 1 Dirk Wiesenthal univentionstaff 2018-05-25 11:48:30 CEST 
Fixed in
  univention-apache 9.0.5-14A~4.2.0.201805251140
Comment 2 Felix Botner univentionstaff 2018-05-28 17:46:09 CEST 
OK - univention-apache X-Forwarded-Proto X-Forwarded-SSL
OK - yaml
Comment 3 Arvid Requate univentionstaff 2018-06-13 14:06:46 CEST 
<http://errata.software-univention.de/ucs/4.2/419.html>
First Last Prev Next    This bug is not in your last search results.