From d930b6abd6a137cb3a3e11d0b7da36d9eeb9fe7e Mon Sep 17 00:00:00 2001
From: Bill Erickson
Date: Mon, 17 Apr 2017 14:09:10 -0400
Subject: [PATCH] LP#1648234 IP Redirect honors client port
IP-based redirection now redirects the client to the same port number originally requsted by the client, instead of using the port that the Apache server is listening on. This prevents internal Apache from leaking to the caller when a proxy is used.
Signed-off-by: Bill Erickson
Signed-off-by: Ben Shum
---
 Open-ILS/src/perlmods/lib/OpenILS/WWW/Redirect.pm | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/Open-ILS/src/perlmods/lib/OpenILS/WWW/Redirect.pm b/Open-ILS/src/perlmods/lib/OpenILS/WWW/Redirect.pm
index d55c01f122..c0533dbff5 100644
--- a/Open-ILS/src/perlmods/lib/OpenILS/WWW/Redirect.pm
+++ b/Open-ILS/src/perlmods/lib/OpenILS/WWW/Redirect.pm
@@ -56,11 +56,17 @@ sub handler {
 my $apache = shift;
 my $cgi = CGI->new( $apache );
- my $port = $cgi->server_port();
 my $hostname = $cgi->server_name();
 my $proto = ($cgi->https) ? 'https' : 'http';
 my $user_ip = $ENV{REMOTE_ADDR};
+ # Extract the port number from the user requested URL.
+ my $port = '';
+ my $cgiurl = $cgi->url;
+ if ($cgiurl =~ m|https?://[^:]+:\d+/|) {
+ ($port = $cgiurl) =~ s|https?://[^:]+:(\d+).*|$1|;
+ }
+ # Apache config values
 my $skin = $apache->dir_config('OILSRedirectSkin') || 'default';
 my $depth = $apache->dir_config('OILSRedirectDepth');
@@ -93,7 +99,8 @@ sub handler {
 }
 }
- my $url = "$proto://$hostname:$port";
+ # only encode the port if a nonstandard port was requested.
+ my $url = $port ? "$proto://$hostname:$port" : "$proto://$hostname";
 if($use_tt) {
--
2.11.0
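Review bot: The port extraction added in the first hunk is unanchored and its host class `[^:]+` also matches `/`, so a URL with no explicit port but a path containing `:digits/` would have those digits taken as the port. Because the value comes from the client-requested URL and ends up in the redirect target, it should be parsed strictly from the authority part, e.g. `my ($port) = $cgiurl =~ m|\Ahttps?://[^/:]+:(\d+)|;` followed by `$port = '' unless defined $port;`. That also replaces the match-then-substitute pair with a single capture. CGI.pm's `virtual_port` may be a simpler source for this value, though it returns the scheme default rather than an empty string, so the later test would need adjusting. The body of `handler` starts and ends outside the hunk.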
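Review bot: The comment on the new `$url` line in the second hunk says the port is kept only when nonstandard, but the test `$port ? … : …` keeps any port the client wrote explicitly, including `:80` or `:443`. Either reword it, e.g. `# Include the port only when the client's URL carried an explicit one.`, or compare `$port` against the default for `$proto` before appending it. Separately, `$proto` is still derived from `$cgi->https` on the Apache side while `$port` now reflects the client's view; behind a TLS-terminating proxy the two may disagree and produce something like `http://host:443`, which looks worth confirming against the proxy setup the commit message describes. `handler` continues past the end of this hunk.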