From: Ruediger Pluem <rpluem@apache.org>
Date: Mon, 24 Jul 2006 13:34:19 +0000 (+0000)
Subject: Merge r399947, r406697 from trunk:
X-Git-Tag: 2.2.3~19
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=855ef76388969cc649067682b391afe0789ac73a;p=thirdparty%2Fapache%2Fhttpd.git

Merge r399947, r406697 from trunk:

* Add optional 'scheme://' prefix to ServerName directive.  For
  'https', mod_http returns "https" for the ap_hook_http_scheme and
  DEFAULT_HTTPS_PORT for ap_hook_default_port.  This fixes Redirect
  responses to requests for directories without a trailing slash
  when httpd runs behind a proxy or offload device that processes
  SSL.  It also enables support for Subversion in that
  configuration.  This change is completely backwards compatible
  and passes the perl-framework.  Minor mmn bump because I add a
  field to server_rec.

* Document r399947, addition of optional scheme:// to ServerName directive

PR: 33398
Submitted by: sctemme
Reviewed by: sctemme, rpluem, wrowe


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@425051 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/CHANGES b/CHANGES
index 4839514ce94..16dd45bc544 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,14 @@
                                                         -*- coding: utf-8 -*-
 Changes with Apache 2.2.3
 
+  *) Add optional 'scheme://' prefix to ServerName directive,
+     allowing correct determination of the canonical server URL
+     for use behind a proxy or offload device handling SSL; fixing
+     redirect generation in those cases. PR 33398. [Sander Temme]
+
+  *) Added server_scheme field to server_rec for above. Minor MMN bump.
+     [Sander Temme]
+
   *) mod_cache: Make caching of reverse SSL proxies possible again. PR 39593.
      [Ruediger Pluem, Joe Orton]
 
diff --git a/STATUS b/STATUS
index 7f848ae58db..f9a231e0d8f 100644
--- a/STATUS
+++ b/STATUS
@@ -76,16 +76,6 @@ RELEASE SHOWSTOPPERS:
 PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
   [ start all new proposals below, under PATCHES PROPOSED. ]
 
-    * Add optional 'scheme://' part to ServerName directive for cases
-      where httpd runs behind an external SSL processor and has to
-      learn from its configuration how to generate correct
-      self-referential URLs. 
-      Code: 
-      http://people.apache.org/~sctemme/servername_22x.patch
-      Documentation:
-      http://svn.apache.org/viewcvs.cgi?diff_format=h&view=rev&rev=406697
-      +1 sctemme, rpluem, wrowe
-
 PATCHES PROPOSED TO BACKPORT FROM TRUNK:
 
     * mod_isapi: Simply backport the host of fixes for compilation on unix,
diff --git a/docs/manual/mod/core.html.en b/docs/manual/mod/core.html.en
index d79f055130e..3f832a6fa5f 100644
--- a/docs/manual/mod/core.html.en
+++ b/docs/manual/mod/core.html.en
@@ -2765,7 +2765,7 @@ to name-virtual hosts</td></tr>
 <table class="directive">
 <tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Hostname and port that the server uses to identify
 itself</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ServerName <var>fully-qualified-domain-name</var>[:<var>port</var>]</code></td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ServerName [<var>scheme</var>://]<var>fully-qualified-domain-name</var>[:<var>port</var>]</code></td></tr>
 <tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
 <tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Core</td></tr>
 <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>core</td></tr>
@@ -2773,7 +2773,8 @@ itself</td></tr>
      directive supersedes the functionality of the <code class="directive">Port</code>
      directive from version 1.3.</td></tr>
 </table>
-    <p>The <code class="directive">ServerName</code> directive sets the hostname and
+    <p>The <code class="directive">ServerName</code> directive sets the
+    request scheme, hostname and
     port that the server uses to identify itself.  This is used when
     creating redirection URLs. For example, if the name of the
     machine hosting the web server is <code>simple.example.com</code>,
@@ -2788,11 +2789,10 @@ itself</td></tr>
     <p>If no <code class="directive">ServerName</code> is specified, then the
     server attempts to deduce the hostname by performing a reverse
     lookup on the IP address. If no port is specified in the
-    <code class="directive">ServerName</code>, then the server will use the port
-    from the incoming
-    request. For optimal reliability and predictability, you should
-    specify an explicit hostname and port using the
-    <code class="directive">ServerName</code> directive.</p>
+    <code class="directive">ServerName</code>, then the server will use the
+    port from the incoming request. For optimal reliability and
+    predictability, you should specify an explicit hostname and port
+    using the <code class="directive">ServerName</code> directive.</p>
 
     <p>If you are using <a href="../vhosts/name-based.html">name-based virtual hosts</a>,
     the <code class="directive">ServerName</code> inside a
@@ -2800,14 +2800,25 @@ itself</td></tr>
     section specifies what hostname must appear in the request's
     <code>Host:</code> header to match this virtual host.</p>
 
+
+    <p>Sometimes, the server runs behind a device that processes SSL,
+    such as a reverse proxy, load balancer or SSL offload
+    appliance. When this is the case, specify the
+    <code>https://</code> scheme and the port number to which the
+    clients connect in the <code class="directive">ServerName</code> directive
+    to make sure that the server generates the correct
+    self-referential URLs. 
+    </p>
+
     <p>See the description of the
     <code class="directive"><a href="#usecanonicalname">UseCanonicalName</a></code> and
     <code class="directive"><a href="#usecanonicalphysicalport">UseCanonicalPhysicalPort</a></code>directives for
-    settings which determine whether self-referential URL's (e.g., by the
+    settings which determine whether self-referential URLs (e.g., by the
     <code class="module"><a href="../mod/mod_dir.html">mod_dir</a></code> module) will refer to the
     specified port, or to the port number given in the client's request.
     </p>
 
+
 <h3>See also</h3>
 <ul>
 <li><a href="../dns-caveats.html">Issues Regarding DNS and
diff --git a/docs/manual/mod/core.xml b/docs/manual/mod/core.xml
index 118fbfb502b..d03ba6ded38 100644
--- a/docs/manual/mod/core.xml
+++ b/docs/manual/mod/core.xml
@@ -2752,7 +2752,7 @@ to name-virtual hosts</description>
 <name>ServerName</name>
 <description>Hostname and port that the server uses to identify
 itself</description>
-<syntax>ServerName <var>fully-qualified-domain-name</var>[:<var>port</var>]</syntax>
+<syntax>ServerName [<var>scheme</var>://]<var>fully-qualified-domain-name</var>[:<var>port</var>]</syntax>
 <contextlist><context>server config</context><context>virtual host</context>
 </contextlist>
 <compatibility>In version 2.0, this
@@ -2760,7 +2760,8 @@ itself</description>
      directive from version 1.3.</compatibility>
 
 <usage>
-    <p>The <directive>ServerName</directive> directive sets the hostname and
+    <p>The <directive>ServerName</directive> directive sets the
+    request scheme, hostname and
     port that the server uses to identify itself.  This is used when
     creating redirection URLs. For example, if the name of the
     machine hosting the web server is <code>simple.example.com</code>,
@@ -2775,11 +2776,10 @@ itself</description>
     <p>If no <directive>ServerName</directive> is specified, then the
     server attempts to deduce the hostname by performing a reverse
     lookup on the IP address. If no port is specified in the
-    <directive>ServerName</directive>, then the server will use the port
-    from the incoming
-    request. For optimal reliability and predictability, you should
-    specify an explicit hostname and port using the
-    <directive>ServerName</directive> directive.</p>
+    <directive>ServerName</directive>, then the server will use the
+    port from the incoming request. For optimal reliability and
+    predictability, you should specify an explicit hostname and port
+    using the <directive>ServerName</directive> directive.</p>
 
     <p>If you are using <a
     href="../vhosts/name-based.html">name-based virtual hosts</a>,
@@ -2788,13 +2788,24 @@ itself</description>
     section specifies what hostname must appear in the request's
     <code>Host:</code> header to match this virtual host.</p>
 
+
+    <p>Sometimes, the server runs behind a device that processes SSL,
+    such as a reverse proxy, load balancer or SSL offload
+    appliance. When this is the case, specify the
+    <code>https://</code> scheme and the port number to which the
+    clients connect in the <directive>ServerName</directive> directive
+    to make sure that the server generates the correct
+    self-referential URLs. 
+    </p>
+
     <p>See the description of the
     <directive module="core">UseCanonicalName</directive> and
     <directive module="core">UseCanonicalPhysicalPort</directive>directives for
-    settings which determine whether self-referential URL's (e.g., by the
+    settings which determine whether self-referential URLs (e.g., by the
     <module>mod_dir</module> module) will refer to the
     specified port, or to the port number given in the client's request.
     </p>
+
 </usage>
 
 <seealso><a href="../dns-caveats.html">Issues Regarding DNS and
diff --git a/docs/manual/mod/quickreference.html.en b/docs/manual/mod/quickreference.html.en
index 8f0b40f7423..1513e0d5747 100644
--- a/docs/manual/mod/quickreference.html.en
+++ b/docs/manual/mod/quickreference.html.en
@@ -613,7 +613,7 @@ messages sent to the client</td></tr>
 <tr><td><a href="core.html#serveralias">ServerAlias <var>hostname</var> [<var>hostname</var>] ...</a></td><td></td><td>v</td><td>C</td></tr><tr><td class="descr" colspan="4">Alternate names for a host used when matching requests
 to name-virtual hosts</td></tr>
 <tr class="odd"><td><a href="mpm_common.html#serverlimit">ServerLimit <var>number</var></a></td><td></td><td>s</td><td>M</td></tr><tr class="odd"><td class="descr" colspan="4">Upper limit on configurable number of processes</td></tr>
-<tr><td><a href="core.html#servername">ServerName <var>fully-qualified-domain-name</var>[:<var>port</var>]</a></td><td></td><td>sv</td><td>C</td></tr><tr><td class="descr" colspan="4">Hostname and port that the server uses to identify
+<tr><td><a href="core.html#servername">ServerName [<var>scheme</var>://]<var>fully-qualified-domain-name</var>[:<var>port</var>]</a></td><td></td><td>sv</td><td>C</td></tr><tr><td class="descr" colspan="4">Hostname and port that the server uses to identify
 itself</td></tr>
 <tr class="odd"><td><a href="core.html#serverpath">ServerPath <var>URL-path</var></a></td><td></td><td>v</td><td>C</td></tr><tr class="odd"><td class="descr" colspan="4">Legacy URL pathname for a name-based virtual host that
 is accessed by an incompatible browser</td></tr>
diff --git a/include/ap_mmn.h b/include/ap_mmn.h
index 40c9bb63d3d..c323093e2fd 100644
--- a/include/ap_mmn.h
+++ b/include/ap_mmn.h
@@ -110,6 +110,7 @@
  * 20051115.1 (2.2.1)  flush_packets and flush_wait members added to
  *                         proxy_server (minor)
  * 20051115.2 (2.2.2)  added inreslist member to proxy_conn_rec (minor)
+ * 20051115.3 (2.2.3)  Added server_scheme member to server_rec (minor)
  */
 
 #define MODULE_MAGIC_COOKIE 0x41503232UL /* "AP22" */
@@ -117,7 +118,7 @@
 #ifndef MODULE_MAGIC_NUMBER_MAJOR
 #define MODULE_MAGIC_NUMBER_MAJOR 20051115
 #endif
-#define MODULE_MAGIC_NUMBER_MINOR 2                     /* 0...n */
+#define MODULE_MAGIC_NUMBER_MINOR 3                     /* 0...n */
 
 /**
  * Determine if the server's current MODULE_MAGIC_NUMBER is at least a
diff --git a/include/httpd.h b/include/httpd.h
index a496ce66616..35124541a0d 100644
--- a/include/httpd.h
+++ b/include/httpd.h
@@ -1193,6 +1193,9 @@ struct server_rec {
     int limit_req_fieldsize;
     /** limit on number of request header fields  */
     int limit_req_fields; 
+
+    /** The server request scheme for redirect responses */
+    const char *server_scheme;
 };
 
 typedef struct core_output_filter_ctx {
diff --git a/modules/http/http_core.c b/modules/http/http_core.c
index 81038543dfc..b52b547786d 100644
--- a/modules/http/http_core.c
+++ b/modules/http/http_core.c
@@ -99,11 +99,23 @@ static const command_rec http_cmds[] = {
 
 static const char *http_scheme(const request_rec *r)
 {
+    /* 
+     * The http module shouldn't return anything other than 
+     * "http" (the default) or "https".
+     */
+    if (r->server->server_scheme &&
+        (strcmp(r->server->server_scheme, "https") == 0))
+        return "https";
+    
     return "http";
 }
 
 static apr_port_t http_port(const request_rec *r)
 {
+    if (r->server->server_scheme &&
+        (strcmp(r->server->server_scheme, "https") == 0))
+        return DEFAULT_HTTPS_PORT;
+    
     return DEFAULT_HTTP_PORT;
 }
 
diff --git a/server/config.c b/server/config.c
index 63c21e0058f..8eed98b0638 100644
--- a/server/config.c
+++ b/server/config.c
@@ -1855,6 +1855,7 @@ AP_CORE_DECLARE(const char *) ap_init_virtual_host(apr_pool_t *p,
     s->process = main_server->process;
     s->server_admin = NULL;
     s->server_hostname = NULL;
+    s->server_scheme = NULL;
     s->error_fname = NULL;
     s->timeout = 0;
     s->keep_alive_timeout = 0;
@@ -1940,6 +1941,7 @@ static server_rec *init_server_config(process_rec *process, apr_pool_t *p)
     s->port = 0;
     s->server_admin = DEFAULT_ADMIN;
     s->server_hostname = NULL;
+    s->server_scheme = NULL;
     s->error_fname = DEFAULT_ERRORLOG;
     s->loglevel = DEFAULT_LOGLEVEL;
     s->limit_req_line = DEFAULT_LIMIT_REQUEST_LINE;
diff --git a/server/core.c b/server/core.c
index 61c6a067c56..3cf40444bd1 100644
--- a/server/core.c
+++ b/server/core.c
@@ -2306,20 +2306,40 @@ static const char *set_server_string_slot(cmd_parms *cmd, void *dummy,
     return NULL;
 }
 
+/*
+ * The ServerName directive takes one argument with format
+ * [scheme://]fully-qualified-domain-name[:port], for instance
+ * ServerName www.example.com
+ * ServerName www.example.com:80
+ * ServerName https://www.example.com:443
+ */
+
 static const char *server_hostname_port(cmd_parms *cmd, void *dummy, const char *arg)
 {
     const char *err = ap_check_cmd_context(cmd, NOT_IN_DIR_LOC_FILE|NOT_IN_LIMIT);
-    const char *portstr;
+    const char *portstr, *part;
+    char *scheme;
     int port;
 
     if (err != NULL) {
         return err;
     }
 
-    portstr = ap_strchr_c(arg, ':');
+    part = ap_strstr_c(arg, "://");
+
+    if (part) {
+      scheme = apr_pstrmemdup(cmd->pool, arg, part - arg);
+      ap_str_tolower(scheme);
+      cmd->server->server_scheme = scheme;
+      part += 3;
+    } else {
+      part = arg;
+    }
+
+    portstr = ap_strchr_c(part, ':');
     if (portstr) {
-        cmd->server->server_hostname = apr_pstrndup(cmd->pool, arg,
-                                                    portstr - arg);
+        cmd->server->server_hostname = apr_pstrmemdup(cmd->pool, part,
+                                                      portstr - part);
         portstr++;
         port = atoi(portstr);
         if (port <= 0 || port >= 65536) { /* 65536 == 1<<16 */
@@ -2329,7 +2349,7 @@ static const char *server_hostname_port(cmd_parms *cmd, void *dummy, const char
         }
     }
     else {
-        cmd->server->server_hostname = apr_pstrdup(cmd->pool, arg);
+        cmd->server->server_hostname = apr_pstrdup(cmd->pool, part);
         port = 0;
     }