From 84e6a7db1684ad52f641b441997cd1a896306849 Mon Sep 17 00:00:00 2001
From: Bill Erickson
Date: Mon, 17 Apr 2017 14:09:10 -0400
Subject: [PATCH] LP#1648234 IP Redirect honors client port

IP-based redirection now redirects the client to the same port number originally requsted by the client, instead of using the port that the Apache server is listening on. This prevents internal Apache from leaking to the caller when a proxy is used.

Signed-off-by: Bill Erickson
Signed-off-by: Ben Shum
---
 Open-ILS/src/perlmods/lib/OpenILS/WWW/Redirect.pm | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/Open-ILS/src/perlmods/lib/OpenILS/WWW/Redirect.pm b/Open-ILS/src/perlmods/lib/OpenILS/WWW/Redirect.pm
index d55c01f122..c0533dbff5 100644
--- a/Open-ILS/src/perlmods/lib/OpenILS/WWW/Redirect.pm
+++ b/Open-ILS/src/perlmods/lib/OpenILS/WWW/Redirect.pm
@@ -56,11 +56,17 @@ sub handler {
 my $apache = shift;
 my $cgi = CGI->new( $apache );
- my $port = $cgi->server_port();
 my $hostname = $cgi->server_name();
 my $proto = ($cgi->https) ? 'https' : 'http';
 my $user_ip = $ENV{REMOTE_ADDR};
+ # Extract the port number from the user requested URL.
+ my $port = '';
+ my $cgiurl = $cgi->url;
+ if ($cgiurl =~ m|https?://[^:]+:\d+/|) {
+ ($port = $cgiurl) =~ s|https?://[^:]+:(\d+).*|$1|;
+ }
+ # Apache config values
 my $skin = $apache->dir_config('OILSRedirectSkin') || 'default';
 my $depth = $apache->dir_config('OILSRedirectDepth');
@@ -93,7 +99,8 @@ sub handler {
 }
 }
- my $url = "$proto://$hostname:$port";
+ # only encode the port if a nonstandard port was requested.
+ my $url = $port ? "$proto://$hostname:$port" : "$proto://$hostname";
 if($use_tt) {
--
2.11.0
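Review bot: The host class `[^:]+` in both patterns of the new port extraction also matches `/`, and neither pattern is anchored, so if the string returned by `$cgi->url` has no port but its path contains `:digits/`, that number is taken as the port. Excluding the slash and anchoring at the start closes that, and the match-then-substitute pair collapses into one capture: `my $port = ($cgiurl =~ m|\Ahttps?://[^:/]+:(\d+)|) ? $1 : '';`. The URL is presumably assembled from request data, so a short comment noting that `$port` is client-influenced and limited to digits by the capture would help the next reader. handler's body starts before this hunk and continues past it.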
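Review bot: The comment added above the new `$url` line says the port is encoded only when a nonstandard port was requested, but the test is just whether `$port` is non-empty, i.e. whether the URL matched earlier in handler carried any port at all. That is equivalent only if `$cgi->url` leaves default ports out, which is not visible here, so the comment should state the dependency: `# $port is empty unless the request URL carried an explicit port; relies on CGI's url() omitting default ports`. Because this string becomes the redirect target and `$port` now comes from the request rather than the server, it is also worth saying on this line that the digits-only capture is what makes it safe to interpolate. handler's body continues outside the hunk.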