[dns-operations] bug in Apache handling of real FQDNs
Craig Leres
leres at ee.lbl.gov
Sat Jun 6 22:11:00 UTC 2015
On 6/6/2015 10:56 AM, Fred Morris wrote:
> By "real" I mean "really fully qualified", as in "ending in a dot".
>
> Try this:
>
> https://apache.org.
>
> Take note of the final dot. (Try https://apache.org./foo if you like.) In any
> case what you'll see is:
>
> 1) You get asked to accept an untrusted cert.
>
> 2) You get 400 Bad Request.
>
> Thoughts? Comments? Worth reporting?
Here are apache rewrite rules that redirect to the url without the
trailing dot:
RewriteEngine On
# Don't switch protocols
RewriteCond %{HTTPS} =on
RewriteRule ^(.+)$ - [env=myproto:https]
RewriteCond %{HTTPS} !=on
RewriteRule ^(.+)$ - [env=myproto:http]
# Remove trailing dot
RewriteCond %{HTTP_HOST} ^(.*)\.$
RewriteRule ^(.*)$ %{ENV:myproto}://%1$1 [R=301,L]
Craig
More information about the dns-operations
mailing list