Am 17.09.2017 um 03:07 schrieb Nick Edwards:
phpmyadmin 4.4.15 is YEARS old
and how does that change the fact that
https://bz.apache.org/bugzilla/show_bug.cgi?id=61519#c1 "SERVER_PORT 80"
in case of a https-connection is plain wrong?
we using 4.7 for nearly a year, 4.7.2 is current
nice for you when you don't have to support older PHP (sync the package
to a RHEL 7 host with PHP 5.4 - my whole own software is PHP 7.1 only
with strict-types but that's not related to the topic at all)
this from a troll who verbally abuses the hell out of people on other
lists for posting similar comments using very outdated softwares HAH,
this ones in google for life.
the only troll in this thread is you and nobody asked you, just because
i have never seen anything useful on any list since you only post if you
face something from me and otherwise you are a silent lurker everywhere!
On Sun, Sep 17, 2017 at 10:24 AM, Reindl Harald <h.rei...@thelounge.net
<mailto:h.rei...@thelounge.net>> wrote:
that's even more worse - phpMyAdmin 4.4.15.10 seems to handle
something wrong because $_SERVER['SERVER_PORT'] is wrong - and i had
myself some bad code using that var instead of $_SERVER['HTTPS']
which again leaded in a endless loop
in case of phpMyAdmin it redirects to https://hostname:80/path/
after enter username/password - the workaround below in the config
file seems to solve that for now, but all in all that leaves a very
bad taste
if(empty($_SERVER['HTTPS']) || $_SERVER['HTTPS'] === 'off')
{
$cfg['ForceSSL'] = false;
}
else
{
$cfg['ForceSSL'] = true;
}
Am 14.09.2017 um 18:16 schrieb Reindl Harald:
Am 14.09.2017 um 16:08 schrieb Stefan Eissing:
Ok, as I read the code a bit more, there is a tangle of
things that can influence port/scheme selection. But what I
can see, the version in *trunk* should do the right thing *iff*
a) you use "SSLEngine *:443" instead of "Optional"
b) you use "ServerName xxx.yyy" *without* a port name
the a
<VirtualHost *:80 *:443>
ServerName xxx.yyy
SSLEngine *:443
...
</VirtualHost>
should do the right thing here. Internal methods used to
generator Redirect Location headers, namely
ap_construct_url()
ap_get_server_port()
ap_http_scheme()
should give back the correct values for each connection and
als fill the Env Variables with the correct values.
what means "trunk" here?
a future 2.5/2.6/3.0 or a 2.4.x in the near future?
within 2 weeks you need TLS on each and every host since Chrome
starts to warn about every page with a form tag and no TLS
[root@srv-rhsoft:~]$ apachectl -t
AH00526: Syntax error on line 29 of
/etc/httpd/conf/sites_enabled/contentlounge.conf:
Argument must be On, Off, or Optional
Am 14.09.2017 um 15:46 schrieb Reindl Harald
<h.rei...@thelounge.net <mailto:h.rei...@thelounge.net>>:
Am 14.09.2017 um 15:40 schrieb Stefan Eissing:
Harald,
could you check if a configuration like:
UseCanonicalPhysicalPort on
in the server or vhost mitigates the problem?
it makes it even more terrible and the resulting http://
protocol instead https// on port 443 here even tiggers
mod_security
even if it would mitigate that issue - having ports in
redirect urls easily leads to a lot of other problems
when proxy-servers are part of the game
[harry@srv-rhsoft:/mnt/data/downloads]$ curl --head
--insecure https://contentlounge/cms
HTTP/1.1 301 Moved Permanently
Date: Thu, 14 Sep 2017 13:43:06 GMT
X-DNS-Prefetch-Control: off
X-Content-Type-Options: nosniff
X-Response-Time: D=1561 us
Location: http://contentlounge:443/cms/
Cache-Control: max-age=0
Expires: Thu, 14 Sep 2017 13:43:06 GMT
Content-Type: text/html; charset=iso-8859-1
Am 14.09.2017 um 12:00 schrieb Reindl Harald
<h.rei...@thelounge.net
<mailto:h.rei...@thelounge.net>>:
Am 10.08.2017 um 18:22 schrieb Reindl Harald:
If you want to experiment...
<VirtualHost IP:80 IP:443>
is already recognized
but with "SSLEngine On" and
"SSLCertificateFile" configured non-https no
longer would work
OK, figured it out
* you need the *first* vhost with "SSLEngine On"
* others can have "SSLEngine optional" and
listen to 80 and 443
but there is a bug:
https://bz.apache.org/bugzilla/show_bug.cgi?id=61519
<https://bz.apache.org/bugzilla/show_bug.cgi?id=61519>
if the trailing slash is missing in the url the
automatic redirect to the full qualified
folder-path points to http:// instead https://
and that does not happen within a vhost
dedicated to :443 and "SSLEngine On"
i was trapped in a endless loop because the php
script making a redirect to https:// had a bug
and missed the traling / too
<VirtualHost *:80 *:443>
DocumentRoot "/www/contentlounge"
ServerName contentlounge.rhsoft.net
<http://contentlounge.rhsoft.net>
SSLEngine optional
SSLCertificateFile "conf/ssl/rhsoft.net.pem"
</VirtualHost>
[harry@srv-rhsoft:~]$ curl --head --insecure
https://contentlounge/cms
HTTP/1.1 301 Moved Permanently
Date: Thu, 14 Sep 2017 09:40:27 GMT
X-DNS-Prefetch-Control: off
X-Content-Type-Options: nosniff
X-Response-Time: D=1311 us
Location: http://contentlounge/cms/
Cache-Control: max-age=0
Expires: Thu, 14 Sep 2017 09:40:27 GMT
Content-Type: text/html; charset=iso-8859-1
