Item1872: Support for https URL rewriting based on port numbers
Priority: Enhancement
Current State: No Action Required
Released In:
Target Release: n/a
Applies To: Engine
Component:
Branches:
Assume you have a reverse proxy which supports HTTP or HTTPS. You want that guest access to the wiki goes through HTTP (or possibly HTTPS), and that authenticated access goes through HTTPS
and stays there. However, your wiki is not on a SSL-enabled machine (the SSL engine is the reverse proxy). You use a combination of ports to detect whether the request was SSL or not
(e.g. port 80: http, port 81: the initial request before the proxy was SSL). You also want Foswiki to detect the used port (81) and prefix
https:// to all URLs. Else some auth cookie could travel
uncrypted.
This adds a new configuration entry, MapPortsToProtocols, which can be defined as follows:
$Foswiki::cfg{MapPortsToProtocols} = { '81' => 'https' };<
diff -uP /var/lib/foswiki/lib/Foswiki.pm.distrib /var/lib/foswiki/lib/Foswiki.pm
--- /var/lib/foswiki/lib/Foswiki.pm.distrib 2009-06-21 21:22:25.000000000 +0000
+++ /var/lib/foswiki/lib/Foswiki.pm 2009-08-01 10:02:16.000000000 +0000
@@ -1442,6 +1442,16 @@
elsif ( $Foswiki::cfg{RemovePortNumber} ) {
$this->{urlHost} =~ s/\:[0-9]+$//;
}
+ # schaefer@alphanet.ch
+ elsif (defined($Foswiki::cfg{MapPortsToProtocols})
+ && ($ENV{HTTP_HOST} =~ /:([0-9]+)$/)) {
+ if (exists($Foswiki::cfg{MapPortsToProtocols}->{$1})) {
+ my $proto = $Foswiki::cfg{MapPortsToProtocols}->{$1};
+
+ $this->{urlHost} =~ s/^https*/$proto/;
+ }
+ }
+
}
else {
$this->{urlHost} = $Foswiki::cfg{DefaultUrlHost};
The feature request
IntroduceForceDefaultUrlHostToggle is related. Maybe we can combine these two things. Please add a comment to that feature request or open a new FR in the Development web.
Setting this to No Action. Can be re-opened, if the FR is accepted.
--
OliverKrueger - 01 Aug 2009