RE: [Pound Mailing List] RewriteLocation 2 not working correctly

Fri, 21 Jun 2013 08:01:31 -0700 

8<----------------
Release 2.6c

Enhancements:
    - added support for OpenSSL 1.0
    - added some more detailed error logging

Bug fixes:
    - fix for RewriteLocation
    - fix for HTTPS back-ends
    - fix for RPC support
    - fix for possible request smuggling by using multiple headers

Many thanks to Frank Schmirler and Ruben Kerkhof for the contributed patches
8<----------------

Relevant change seems to be that if there's a match against the backend 
address, and the protocol is wrong, it rewrites it.

You can fix it by finding the need_rewrite function in svc.c.  Look for 

|| strcasecmp(proto, (lstn->ctx == NULL)? "http": "https")

And comment it out of the if.

Or apply this
https://github.com/goochjj/pound/commit/1ed1f6ac90c28c6c1ba7987852996bbfbcb22a2a.diff


Personally I'm of the opinion that RewriteLocation needs to be rewritten.  It's 
too much of a common topic on the list.

Perhaps something more like: (use some or all)
RewriteLocation be-match-exact be-match-wrongport be-match-wrongproto 
listener-match-exact listener-match-wrongport listener-match-wrongproto

You would use be-match-exact, and maybe be-match-wrongport.  (and perhaps the 
listener versions too)

In my branches, I need additional support for global listeners.  I find it's 
something I have to consistently modify every time there's a new pound version.


Joe


> -----Original Message-----
> From: Todd Freeman [mailto:[email protected]]
> Sent: Friday, June 21, 2013 9:57 AM
> To: [email protected]
> Subject: [Pound Mailing List] RewriteLocation 2 not working correctly
> 
> Upgraded from 2.4 to 2.6 on our production machines...  now we are
> seeing that any redirects that we are serving to move people from http
> -> https are being rewritten by pound to http again.
> 
> Example:
>    Location: https://blah.andrews.edu/
> becomes:
>    Location: http://blah.andrews.edu/
> 
> In 2.4 RewriteLocation 2  handled this just fine... but in 2.6 it seems
> to be failing.  Did I miss an upgrade note or something... or is this a
> real bug?
> 
> I tried with 2.7a as well and am seeing the same behavior.
> 
> Relevant portion of my config looks like:
> ListenHTTP
>          Address 143.207.1.30
>          Port 80
>          xHTTP 1
>          RewriteLocation 2
>      ....
> End
> 
> Thanks!
> 
> --
> Todd Freeman  Ext 6103                   .^.    Don't fear the
> penguins!
> Programming Department                   /V\
> Andrews University                      // \\    http://www.linux.org/
> http://www.andrews.edu/~freeman/       /(   )\   http://www.debian.org/
>                                          ^^ ^^
> 
> 
> --
> To unsubscribe send an email with subject unsubscribe to
> [email protected].
> Please contact [email protected] for questions.

--
To unsubscribe send an email with subject unsubscribe to [email protected].
Please contact [email protected] for questions.

Reply via email to