Come on, let's keep it technical once again. Personal grudges ended!
On Sun, Sep 17, 2017 at 3:20 AM, Reindl Harald <h.rei...@thelounge.net> wrote:
>
> On 17.09.2017 at 03:07, Nick Edwards wrote:
>>
>> phpmyadmin 4.4.15 is YEARS old
>
> and how does that change the fact that
> https://bz.apache.org/bugzilla/show_bug.cgi?id=61519#c1 "SERVER_PORT 80" in
> case of a https-connection is plain wrong?
>
>> we using 4.7 for nearly a year, 4.7.2 is current
>
> nice for you when you don't have to support older PHP (sync the package to a
> RHEL 7 host with PHP 5.4 - my whole own software is PHP 7.1 only with
> strict-types but that's not related to the topic at all)
>
>> this from a troll who verbally abuses the hell out of people on other
>> lists for posting similar comments using very outdated software HAH, this
>> one's in google for life.
>
> the only troll in this thread is you and nobody asked you, just because i
> have never seen anything useful on any list since you only post if you face
> something from me and otherwise you are a silent lurker everywhere!
>
>> On Sun, Sep 17, 2017 at 10:24 AM, Reindl Harald <h.rei...@thelounge.net> wrote:
>>
>> that's even more worse - phpMyAdmin 4.4.15.10 seems to handle
>> something wrong because $_SERVER['SERVER_PORT'] is wrong - and i had
>> myself some bad code using that var instead of $_SERVER['HTTPS']
>> which again led to an endless loop
>>
>> in case of phpMyAdmin it redirects to https://hostname:80/path/
>> after entering username/password - the workaround below in the config
>> file seems to solve that for now, but all in all that leaves a very
>> bad taste
>>
>> if(empty($_SERVER['HTTPS']) || $_SERVER['HTTPS'] === 'off')
>> {
>>     $cfg['ForceSSL'] = false;
>> }
>> else
>> {
>>     $cfg['ForceSSL'] = true;
>> }
>>
>> On 14.09.2017 at 18:16, Reindl Harald wrote:
>>
>> On 14.09.2017 at 16:08, Stefan Eissing wrote:
>>
>> Ok, as I read the code a bit more, there is a tangle of
>> things that can influence port/scheme selection. But what I
>> can see, the version in *trunk* should do the right thing
>> *iff*
>>
>> a) you use "SSLEngine *:443" instead of "Optional"
>> b) you use "ServerName xxx.yyy" *without* a port name
>>
>> then a
>> <VirtualHost *:80 *:443>
>>     ServerName xxx.yyy
>>     SSLEngine *:443
>>     ...
>> </VirtualHost>
>>
>> should do the right thing here. Internal methods used to
>> generate Redirect Location headers, namely
>>     ap_construct_url()
>>     ap_get_server_port()
>>     ap_http_scheme()
>> should give back the correct values for each connection and
>> also fill the Env Variables with the correct values.
>>
>> what means "trunk" here?
>> a future 2.5/2.6/3.0 or a 2.4.x in the near future?
>>
>> within 2 weeks you need TLS on each and every host since Chrome
>> starts to warn about every page with a form tag and no TLS
>>
>> [root@srv-rhsoft:~]$ apachectl -t
>> AH00526: Syntax error on line 29 of
>> /etc/httpd/conf/sites_enabled/contentlounge.conf:
>> Argument must be On, Off, or Optional
>>
>> On 14.09.2017 at 15:46, Reindl Harald <h.rei...@thelounge.net> wrote:
>>
>> On 14.09.2017 at 15:40, Stefan Eissing wrote:
>>
>> Harald,
>> could you check if a configuration like:
>>     UseCanonicalPhysicalPort on
>> in the server or vhost mitigates the problem?
>>
>> it makes it even more terrible and the resulting http://
>> protocol instead https:// on port 443 here even triggers
>> mod_security
>>
>> even if it would mitigate that issue - having ports in
>> redirect urls easily leads to a lot of other problems
>> when proxy-servers are part of the game
>>
>> [harry@srv-rhsoft:/mnt/data/downloads]$ curl --head --insecure https://contentlounge/cms
>> HTTP/1.1 301 Moved Permanently
>> Date: Thu, 14 Sep 2017 13:43:06 GMT
>> X-DNS-Prefetch-Control: off
>> X-Content-Type-Options: nosniff
>> X-Response-Time: D=1561 us
>> Location: http://contentlounge:443/cms/
>> Cache-Control: max-age=0
>> Expires: Thu, 14 Sep 2017 13:43:06 GMT
>> Content-Type: text/html; charset=iso-8859-1
>>
>> On 14.09.2017 at 12:00, Reindl Harald <h.rei...@thelounge.net> wrote:
>>
>> On 10.08.2017 at 18:22, Reindl Harald wrote:
>>
>> If you want to experiment...
>> <VirtualHost IP:80 IP:443>
>> is already recognized
>>
>> but with "SSLEngine On" and
>> "SSLCertificateFile" configured non-https no
>> longer would work
>>
>> OK, figured it out
>>
>> * you need the *first* vhost with "SSLEngine On"
>> * others can have "SSLEngine optional" and
>>   listen to 80 and 443
>>
>> but there is a bug:
>>
>> https://bz.apache.org/bugzilla/show_bug.cgi?id=61519
>>
>> if the trailing slash is missing in the url the
>> automatic redirect to the full qualified
>> folder-path points to http:// instead https://
>> and that does not happen within a vhost
>> dedicated to :443 and "SSLEngine On"
>>
>> i was trapped in an endless loop because the php
>> script making a redirect to https:// had a bug
>> and missed the trailing / too
>>
>> <VirtualHost *:80 *:443>
>>     DocumentRoot "/www/contentlounge"
>>     ServerName contentlounge.rhsoft.net
>>     SSLEngine optional
>>     SSLCertificateFile "conf/ssl/rhsoft.net.pem"
>> </VirtualHost>
>>
>> [harry@srv-rhsoft:~]$ curl --head --insecure https://contentlounge/cms
>> HTTP/1.1 301 Moved Permanently
>> Date: Thu, 14 Sep 2017 09:40:27 GMT
>> X-DNS-Prefetch-Control: off
>> X-Content-Type-Options: nosniff
>> X-Response-Time: D=1311 us
>> Location: http://contentlounge/cms/
>> Cache-Control: max-age=0
>> Expires: Thu, 14 Sep 2017 09:40:27 GMT
>> Content-Type: text/html; charset=iso-8859-1
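
Added example, not part of the original thread and not any poster's code: a small Python check for the symptom reported above, a redirect answered on an https connection whose Location header carries the wrong scheme or a port that contradicts its scheme. The first two samples reuse the status and Location lines of the curl outputs quoted in the thread; the third is constructed from the phpMyAdmin redirect described there, and the function and constant names are illustrative.

```python
from urllib.parse import urlsplit

# Port that contradicts each scheme (https on 80, http on 443).
WRONG_PORT = {"http": 443, "https": 80}

def parse_head(raw):
    """Parse `curl --head` style output into (status_code, headers)."""
    lines = [l.strip() for l in raw.strip().splitlines() if l.strip()]
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers

def check_redirect(request_url, raw_head):
    """Return the problems found in a redirect's Location header."""
    status, headers = parse_head(raw_head)
    location = headers.get("location", "")
    loc, req = urlsplit(location), urlsplit(request_url)
    if status not in (301, 302, 303, 307, 308) or not loc.scheme:
        return []  # not a redirect, or a relative Location
    problems = []
    if req.scheme == "https" and loc.scheme == "http":
        problems.append("scheme-downgrade")
    if loc.port is not None and loc.port == WRONG_PORT.get(loc.scheme):
        problems.append("scheme-port-mismatch")
    return problems

# Status and Location lines from the two curl outputs quoted in the thread.
OPTIONAL_VHOST = """HTTP/1.1 301 Moved Permanently
Location: http://contentlounge/cms/
Content-Type: text/html; charset=iso-8859-1
"""
CANONICAL_PHYSICAL_PORT = """HTTP/1.1 301 Moved Permanently
Location: http://contentlounge:443/cms/
"""
# Constructed sample for the phpMyAdmin redirect to https://hostname:80/path/.
PHPMYADMIN_STYLE = """HTTP/1.1 302 Found
Location: https://contentlounge:80/path/
"""

if __name__ == "__main__":
    for name, raw in [("optional vhost", OPTIONAL_VHOST),
                      ("UseCanonicalPhysicalPort", CANONICAL_PHYSICAL_PORT),
                      ("phpMyAdmin style", PHPMYADMIN_STYLE)]:
        print(name, check_redirect("https://contentlounge/cms", raw))
```
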