https://issues.apache.org/bugzilla/show_bug.cgi?id=50823
Summary: Provide alternate failure modes for http on https
Product: Apache httpd-2
Version: 2.2.16
Platform: PC
OS/Version: Linux
Status: NEW
Severity: trivial
Priority: P2
Component: mod_ssl
AssignedTo: [email protected]
ReportedBy: [email protected]

When using HTTP over TLS from within a virtual host, the current failure mode
is to attempt to return an HTML error page emulating that of a 400 status error
document. I say emulating because the status code isn't in the response
headers, which most browsers seem to interpret as a 200 status (when using the
HTTP/0.9 protocol as the current solution does).

There is also an issue in that, because the current implementation refrains
from reading any more data from the socket, there is no way to retrieve any
Host: header from the request. This means that the returned page shows the
default canonical ServerName for any such requests, which when using virtual
hosts is generally irrelevant (possibly returning a link suggesting trying to
load a completely irrelevant website's HTTPS service).

I realize that the latter issue can be resolved by changing the default
ServerName to something that doesn't resolve (or localhost, or similar);
however, this is still suboptimal.

Before I knew the details of mod_ssl, I was attempting to use mod_rewrite to
redirect this request to the proper HTTPS service. This obviously didn't work.
Setting the 400 ErrorDocument to use HTML <meta http-redirect ...> markup
would do the trick, but that is also suboptimal, for obvious reasons.

What I propose is creating a new directive that allows modification of the
current behavior. The directive would enable this to be handled like any other
non-TLS-speaking client that tries this, i.e. they get dropped.

It would be nice if the current method actually set the status code, and if it
was possible to disable the hint link or perhaps parse the request headers and
prefer the Host: header over ap_get_server_name() for link generation. It's
possible that whatever method would be implemented to allow parsing the headers
would wind up kicking in the required goods to allow ap_get_server_name()'s use
as it returns the Host: header.

I'll create a patch for the new mod_ssl directive that allows disabling of
specialization of HTTP on TLS if there's any chance it would be accepted.
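
The two symptoms described in this report can be checked against a captured response. The following is an added example, not part of the original report or of mod_ssl: it classifies the raw bytes a server returned for a plain-HTTP request on its TLS port, reporting whether a status line is present and whether the hint link names the host that was requested. The function name and both sample responses are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# A response that carries a status code starts with "HTTP/x.y NNN".
STATUS_LINE = re.compile(rb"\AHTTP/\d\.\d (\d{3})[ \r\n]")
HTTPS_LINK = re.compile(rb'href="(https://[^"]+)"', re.I)

def classify_response(raw: bytes, requested_host: str) -> dict:
    """Classify bytes returned for a plain-HTTP request sent to a TLS port."""
    m = STATUS_LINE.match(raw)
    if m:
        status = int(m.group(1))
        # Headers end at the first blank line; the rest is the body.
        _, _, body = raw.partition(b"\r\n\r\n")
    else:
        # No status line: HTTP/0.9 style, the whole payload is the body.
        status, body = None, raw
    links = HTTPS_LINK.findall(body)
    hint_hosts = sorted({urlsplit(u.decode("latin-1")).hostname or "" for u in links})
    # Compare on the bare host name (assumes no IPv6 literal in the Host value).
    want = requested_host.split(":")[0].lower()
    return {
        "has_status_line": m is not None,
        "status": status,
        "hint_hosts": hint_hosts,
        "hint_mismatch": any(h != want for h in hint_hosts),
    }

# Constructed sample: error page with no status line, hint link naming the
# default ServerName instead of the virtual host the client asked for.
SAMPLE_BARE = (
    b"<html><head><title>400 Bad Request</title></head><body>\n"
    b'<p>Hint: <a href="https://default.example/">https://default.example/</a></p>\n'
    b"</body></html>\n"
)
# Constructed sample: the behaviour the report asks for (status code set,
# hint link built from the Host: header).
SAMPLE_WITH_STATUS = (
    b"HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\n\r\n"
    b'<html><body><a href="https://shop.example/">https://shop.example/</a></body></html>\n'
)

if __name__ == "__main__":
    print(classify_response(SAMPLE_BARE, "shop.example"))
    print(classify_response(SAMPLE_WITH_STATUS, "shop.example:443"))
```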