Bug 47071

Summary: Apache does not pass HTTPS in the request header when mod_proxy proxies to HTTP
Product: UCS Reporter: Sönke Schwardt-Krummrich <schwardt>
Component: ApacheAssignee: Dirk Wiesenthal <wiesenthal>
Status: CLOSED FIXED QA Contact: Felix Botner <botner>
Severity: normal    
Priority: P5 CC: botner, gohmann, gulden, wiesenthal
Version: UCS 4.2   
Target Milestone: UCS 4.2-4-errata   
Hardware: Other   
OS: Linux   
What kind of report is it?: Bug Report What type of bug is this?: 6: Setup Problem: Issue for the setup process
Who will be affected by this bug?: 2: Will only affect a few installed domains How will those affected feel about the bug?: 3: A User would likely not purchase the product
User Pain: 0.206 Enterprise Customer affected?:
School Customer affected?: Yes ISV affected?: Yes
Waiting Support: Flags outvoted (downgraded) after PO Review:
Ticket number: Bug group (optional):
Max CVSS v3 score:
Bug Depends on: 44921    
Bug Blocks:    

Description Sönke Schwardt-Krummrich univentionstaff 2018-05-24 15:33:45 CEST 
As stated in bug 44921c2:

> We will need a backport
In this case, UCS 4.2 was meant.

+++ This bug was initially created as a clone of Bug #44921 +++

The App Center allows to pass HTTPS requests to the container. Apache may use HTTP for that proxy connection.

In this case the information that the connection once was HTTPS is not passed through. This may lead to redirects that explicitly tell the browser use HTTP.

We should use
RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
RequestHeader set "X-Forwarded-SSL" expr=%{HTTPS}

is out sites.
Comment 1 Dirk Wiesenthal univentionstaff 2018-05-25 11:48:30 CEST 
Fixed in
  univention-apache 9.0.5-14A~4.2.0.201805251140
Comment 2 Felix Botner univentionstaff 2018-05-28 17:46:09 CEST 
OK - univention-apache X-Forwarded-Proto X-Forwarded-SSL
OK - yaml
Comment 3 Arvid Requate univentionstaff 2018-06-13 14:06:46 CEST 
<http://errata.software-univention.de/ucs/4.2/419.html>