httpd
httpd copied to clipboard
reyk
Unneeded escaping in $REQUEST_URI variable
I want to serve my site from https://example.com and redirect other requests to this location. I made the following httpd.conf:
server "default" {
listen on 1.2.3.4 port 80
block return 301 "https://vbezhenar.com$REQUEST_URI"
}
server "vbezhenar.com" {
listen on 1.2.3.4 tls port 443
tls certificate "/etc/ssl/example.com.crt"
tls key "/etc/ssl/private/example.com.key"
}
now I'm issuing request to the url http://example.com/path?a=b&c=d :
GET /path?a=b&c=d HTTP/1.1
Host: example.com
and receiving redirect to https://example.com/path%3Fa=b%26c=d
HTTP/1.0 301 Moved Permanently
Date: Sat, 26 Sep 2015 15:12:44 GMT
Server: OpenBSD httpd
Connection: close
Content-Type: text/html
Content-Length: 374
Location: https://example.com/path%3Fa=b%26c=d
This is wrong redirect: it URI-encodes "?" and "&" corrupting initial request.
There should be some way to preserve request URI.
Can confirm: http://marc.info/?l=openbsd-cvs&m=146307679702630&w=2.
This is because http://bxr.su/o/usr.sbin/httpd/server_http.c#server_expand_http always calls http://bxr.su/o/usr.sbin/httpd/httpd.c#url_encode on http_query, thus you'll keep getting it re-encoded all over again with each subsequent Location.
