Re: [PATCH] RewriteCond and SSL environment variables

Thu, 04 Mar 2004 05:08:07 -0800 

On Thu, Mar 04, 2004 at 11:08:25AM +0100, Andr� Malo wrote:
> * Joe Orton <[EMAIL PROTECTED]> wrote:
> 
> > I'm not really convinced about using ssl_var_lookup_ssl: that function
> > does not handle the "HTTPS" variable, and it would be potentially
> > confusing to users and hard to document since only some subset of the
> > SSL variables could be used.  (it would also need a new optional
> > function in mod_ssl)
> > 
> > I'll commit the original patch with Madhu's fix to check
> > rewrite_ssl_lookup unless there are any strong objections.
> 
> Then it's time to change it. The ssl_var_lookup function is totally messy
> and _slow_.
> We want SSL variables, so let's only grab them.
> 
> I'm -1 (vote not veto) on using the generic ssl_var_lookup function. Maybe
> we should put the HTTPS check into an own function (we could use %{HTTPS} in
> mod_rewrite then). That way, other modules, that want to check (only) HTTPS,
> also don't need to run though all the mess of ssl_var_lookup.

That sounds like a great idea.  I still think that %{SSL:..} should use
ssl_var_lookup for consistency; sure, the function is messy and does
lots of nasty strcasecmp's but I'd really think that the overhead is
lost in the noise for an SSL connection.  It's easy to optimise a few
out anyway...

Index: modules/mappers/mod_rewrite.c
===================================================================
RCS file: /home/cvs/httpd-2.0/modules/mappers/mod_rewrite.c,v
retrieving revision 1.252
diff -u -r1.252 mod_rewrite.c
--- modules/mappers/mod_rewrite.c       9 Feb 2004 20:29:20 -0000       1.252
+++ modules/mappers/mod_rewrite.c       4 Mar 2004 12:27:41 -0000
@@ -89,6 +89,8 @@
 #include "http_protocol.h"
 #include "http_vhost.h"
 
+#include "mod_ssl.h"
+
 #include "mod_rewrite.h"
 
 #if !defined(OS2) && !defined(WIN32) && !defined(BEOS)  && !defined(NETWARE)
@@ -380,6 +382,9 @@
 static apr_global_mutex_t *rewrite_log_lock = NULL;
 #endif
 
+/* Optional functions imported from mod_ssl when loaded: */
+static APR_OPTIONAL_FN_TYPE(ssl_var_lookup) *rewrite_ssl_lookup = NULL;
+static APR_OPTIONAL_FN_TYPE(ssl_is_https) *rewrite_is_https = NULL;
 
 /*
  * +-------------------------------------------------------+
@@ -1610,6 +1615,10 @@
                 result = getenv(var);
             }
         }
+        else if (var[4] && !strncasecmp(var, "SSL", 3) && rewrite_ssl_lookup) {
+            result = rewrite_ssl_lookup(r->pool, r->server, r->connection, r,
+                                        var + 4);
+        }
     }
     else if (var[4] == ':') {
         if (var[5]) {
@@ -1693,6 +1702,13 @@
                 return (char *)result;
             }
             break;
+            
+        case  5:
+            if (!strcmp(var, "HTTPS")) {
+                int flag = rewrite_is_https && rewrite_is_https(r->connection);
+                return apr_pstrdup(r->pool, flag ? "on" : "off");
+            }
+            break;
 
         case  8:
             switch (var[6]) {
@@ -3995,6 +4011,9 @@
             }
         }
     }
+
+    rewrite_ssl_lookup = APR_RETRIEVE_OPTIONAL_FN(ssl_var_lookup);
+    rewrite_is_https = APR_RETRIEVE_OPTIONAL_FN(ssl_is_https);
 
     return OK;
 }

Reply via email to