From 29a955c8fbf73d1c89f0b074636a22ad708784cd Mon Sep 17 00:00:00 2001 From: Bill Erickson Date: Mon, 17 Apr 2017 14:09:10 -0400 Subject: [PATCH] LP#1648234 IP Redirect honors client port IP-based redirection now redirects the client to the same port number originally requsted by the client, instead of using the port that the Apache server is listening on. This prevents internal Apache from leaking to the caller when a proxy is used. Signed-off-by: Bill Erickson Signed-off-by: Ben Shum Signed-off-by: Galen Charlton --- Open-ILS/src/perlmods/lib/OpenILS/WWW/Redirect.pm | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/Open-ILS/src/perlmods/lib/OpenILS/WWW/Redirect.pm b/Open-ILS/src/perlmods/lib/OpenILS/WWW/Redirect.pm index d55c01f122..c0533dbff5 100644 --- a/Open-ILS/src/perlmods/lib/OpenILS/WWW/Redirect.pm +++ b/Open-ILS/src/perlmods/lib/OpenILS/WWW/Redirect.pm @@ -56,11 +56,17 @@ sub handler { my $apache = shift; my $cgi = CGI->new( $apache ); - my $port = $cgi->server_port(); my $hostname = $cgi->server_name(); my $proto = ($cgi->https) ? 'https' : 'http'; my $user_ip = $ENV{REMOTE_ADDR}; + # Extract the port number from the user requested URL. + my $port = ''; + my $cgiurl = $cgi->url; + if ($cgiurl =~ m|https?://[^:]+:\d+/|) { + ($port = $cgiurl) =~ s|https?://[^:]+:(\d+).*|$1|; + } + # Apache config values my $skin = $apache->dir_config('OILSRedirectSkin') || 'default'; my $depth = $apache->dir_config('OILSRedirectDepth'); @@ -93,7 +99,8 @@ sub handler { } } - my $url = "$proto://$hostname:$port"; + # only encode the port if a nonstandard port was requested. + my $url = $port ? "$proto://$hostname:$port" : "$proto://$hostname"; if($use_tt) { -- 2.11.0