LP#1648234 Apache redirects to standard ports

Certain Apache redirects now send the browser to standard 80/443 ports
instead of defaulting to the internally configured Apache ports,
which may be non-standard, particularly in a proxied environment.

Leaking the non-standard ports to the browser causes the browser to
bypass the proxy and could cause the browser to request inaccessible
pages.

Paths affected by this patch:

/
/eg/staff
/opac/extras/slimpac/start.html
/opac/extras/slimpac/advanced.html
/opac/extras/slimpac/.*?locale=.*

To test:

1. Configure Apache to use non-standard ports for port 80/443 (e.g. 7080
and 7443).
2. Confirm the issue by navigatigating to http://HOST/
3. This should redirect to http://HOST:7080/eg/opac/home
4. Apply the Apache config changes and reload/restart Apache.
5. Clear the browser cache to reset any redirects
6. Navigate to http://HOST/
7. Confirm it redirects the browser to http://HOST/eg/opac/home

Signed-off-by: Bill Erickson <berickxx@gmail.com>
Signed-off-by: Ben Shum <ben@evergreener.net>
Signed-off-by: Galen Charlton <gmc@equinoxinitiative.org>

diff --git a/Open-ILS/examples/apache/eg_vhost.conf.in b/Open-ILS/examples/apache/eg_vhost.conf.in
index 8800c81..576f454 100644 (file)
--- a/Open-ILS/examples/apache/eg_vhost.conf.in
+++ b/Open-ILS/examples/apache/eg_vhost.conf.in
@@ -6,12 +6,12 @@
 # ----------------------------------------------------------------------------------
 # Point / to the opac - if you have a custom skin or locale, point at it here
 # ----------------------------------------------------------------------------------
-RedirectMatch 301 ^/$ /eg/opac/home
+RewriteRule ^/$ %{REQUEST_SCHEME}://%{HTTP_HOST}/eg/opac/home [R=301,L]
 
 # ----------------------------------------------------------------------------------
 # Redirect staff to the correct URL if they forget to include the final /
 # ----------------------------------------------------------------------------------
-RedirectMatch 301 ^/eg/staff$ /eg/staff/
+RewriteRule ^/eg/staff$ https://%{HTTP_HOST}/eg/staff/ [R=301,L]
 
 # ----------------------------------------------------------------------------------
 # Point / to the IP address redirector
@@ -34,8 +34,8 @@ RedirectMatch 301 ^/eg/staff$ /eg/staff/
 # ----------------------------------------------------------------------------------
 # Assign a default locale to the accessible OPAC
 # ----------------------------------------------------------------------------------
-RedirectMatch 301 ^/opac/extras/slimpac/start.html$    /opac/en-US/extras/slimpac/start.html
-RedirectMatch 301 ^/opac/extras/slimpac/advanced.html$ /opac/en-US/extras/slimpac/advanced.html
+RewriteRule ^/opac/extras/slimpac/start.html$ %{REQUEST_SCHEME}://%{HTTP_HOST}/opac/en-US/extras/slimpac/start.html [R=301,L]
+RewriteRule ^/opac/extras/slimpac/advanced.html$ %{REQUEST_SCHEME}://%{HTTP_HOST}/opac/en-US/extras/slimpac/advanced.html [R=301,L]
 
 # ----------------------------------------------------------------------------------
 # Configure the gateway and translator
@@ -284,7 +284,7 @@ Options -Indexes
 </LocationMatch>
 
 RewriteCond %{QUERY_STRING} locale=([^&]*)
-RewriteRule ^/opac/[a-z]{2}-[A-Z]{2}/extras/slimpac/(.*)$ /opac/%1/extras/slimpac/$1? [redirect]
+RewriteRule ^/opac/[a-z]{2}-[A-Z]{2}/extras/slimpac/(.*)$ %{REQUEST_SCHEME}://%{HTTP_HOST}/opac/%1/extras/slimpac/$1? [redirect]
 <LocationMatch /opac/[a-z]{2}-[A-Z]{2}/extras/slimpac/>
     AddOutputFilter INCLUDES;XMLENT .html
 </LocationMatch>

diff --git a/Open-ILS/examples/apache_24/eg_vhost.conf.in b/Open-ILS/examples/apache_24/eg_vhost.conf.in
index 45ac27f..48c6ef0 100644 (file)
--- a/Open-ILS/examples/apache_24/eg_vhost.conf.in
+++ b/Open-ILS/examples/apache_24/eg_vhost.conf.in
@@ -6,12 +6,12 @@
 # ----------------------------------------------------------------------------------
 # Point / to the opac - if you have a custom skin or locale, point at it here
 # ----------------------------------------------------------------------------------
-RedirectMatch 301 ^/$ /eg/opac/home
+RewriteRule ^/$ %{REQUEST_SCHEME}://%{HTTP_HOST}/eg/opac/home [R=301,L]
 
 # ----------------------------------------------------------------------------------
 # Redirect staff to the correct URL if they forget to include the final /
 # ----------------------------------------------------------------------------------
-RedirectMatch 301 ^/eg/staff$ /eg/staff/
+RewriteRule ^/eg/staff$ https://%{HTTP_HOST}/eg/staff/ [R=301,L]
 
 # ----------------------------------------------------------------------------------
 # Point / to the IP address redirector
@@ -34,8 +34,8 @@ RedirectMatch 301 ^/eg/staff$ /eg/staff/
 # ----------------------------------------------------------------------------------
 # Assign a default locale to the accessible OPAC
 # ----------------------------------------------------------------------------------
-RedirectMatch 301 ^/opac/extras/slimpac/start.html$    /opac/en-US/extras/slimpac/start.html
-RedirectMatch 301 ^/opac/extras/slimpac/advanced.html$ /opac/en-US/extras/slimpac/advanced.html
+RewriteRule ^/opac/extras/slimpac/start.html$ %{REQUEST_SCHEME}://%{HTTP_HOST}/opac/en-US/extras/slimpac/start.html [R=301,L]
+RewriteRule ^/opac/extras/slimpac/advanced.html$ %{REQUEST_SCHEME}://%{HTTP_HOST}/opac/en-US/extras/slimpac/advanced.html [R=301,L]
 
 # ----------------------------------------------------------------------------------
 # Configure the gateway and translator
@@ -285,7 +285,7 @@ Options -Indexes
 </LocationMatch>
 
 RewriteCond %{QUERY_STRING} locale=([^&]*)
-RewriteRule ^/opac/[a-z]{2}-[A-Z]{2}/extras/slimpac/(.*)$ /opac/%1/extras/slimpac/$1? [redirect]
+RewriteRule ^/opac/[a-z]{2}-[A-Z]{2}/extras/slimpac/(.*)$ %{REQUEST_SCHEME}://%{HTTP_HOST}/opac/%1/extras/slimpac/$1? [redirect]
 <LocationMatch /opac/[a-z]{2}-[A-Z]{2}/extras/slimpac/>
     AddOutputFilter INCLUDES;XMLENT .html
 </LocationMatch>