Bug 47071 - Apache does not pass HTTPS in the request header when mod_proxy proxies to HTTP
Summary: Apache does not pass HTTPS in the request header when mod_proxy proxies to HTTP
Status: CLOSED FIXED
Alias: None
Product: UCS
Classification: Unclassified
Component: Apache
Version: UCS 4.2
Hardware: Other Linux
: P5 normal
Target Milestone: UCS 4.2-4-errata
Assignee: Dirk Wiesenthal
QA Contact: Felix Botner
URL:
Keywords:
Depends on: 44921
Blocks:
  Show dependency treegraph
 
Reported: 2018-05-24 15:33 CEST by Sönke Schwardt-Krummrich
Modified: 2018-06-13 14:06 CEST (History)
4 users (show)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 6: Setup Problem: Issue for the setup process
Who will be affected by this bug?: 2: Will only affect a few installed domains
How will those affected feel about the bug?: 3: A User would likely not purchase the product
User Pain: 0.206
Enterprise Customer affected?:
School Customer affected?: Yes
ISV affected?: Yes
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Customer ID: 00009
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Sönke Schwardt-Krummrich univentionstaff 2018-05-24 15:33:45 CEST 
As stated in bug 44921c2:

> We will need a backport
In this case, UCS 4.2 was meant.

+++ This bug was initially created as a clone of Bug #44921 +++

The App Center allows to pass HTTPS requests to the container. Apache may use HTTP for that proxy connection.

In this case the information that the connection once was HTTPS is not passed through. This may lead to redirects that explicitly tell the browser use HTTP.

We should use
RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
RequestHeader set "X-Forwarded-SSL" expr=%{HTTPS}

is out sites.
Comment 1 Dirk Wiesenthal univentionstaff 2018-05-25 11:48:30 CEST 
Fixed in
  univention-apache 9.0.5-14A~4.2.0.201805251140
Comment 2 Felix Botner univentionstaff 2018-05-28 17:46:09 CEST 
OK - univention-apache X-Forwarded-Proto X-Forwarded-SSL
OK - yaml
Comment 3 Arvid Requate univentionstaff 2018-06-13 14:06:46 CEST 
<http://errata.software-univention.de/ucs/4.2/419.html>