[dns-operations] bug in Apache handling of real FQDNs
TOURNAT Guillaume
gtournat at tibco.fr
Mon Jun 8 08:32:28 UTC 2015
Even after adding your rewrite rules, it doesn't change Apache behaviour. It
seems that redirection does not occur.
Bad Request
Your browser sent a request that this server could not understand.
-----Message d'origine-----
De : dns-operations [mailto:dns-operations-bounces at dns-oarc.net] De la part
de Craig Leres
Envoyé : dimanche 7 juin 2015 00:11
À : Fred Morris; dns-operations at dns-oarc.net
Objet : Re: [dns-operations] bug in Apache handling of real FQDNs
On 6/6/2015 10:56 AM, Fred Morris wrote:
> By "real" I mean "really fully qualified", as in "ending in a dot".
>
> Try this:
>
> https://apache.org.
>
> Take note of the final dot. (Try https://apache.org./foo if you like.)
> In any case what you'll see is:
>
> 1) You get asked to accept an untrusted cert.
>
> 2) You get 400 Bad Request.
>
> Thoughts? Comments? Worth reporting?
Here are apache rewrite rules that redirect to the url without the trailing
dot:
RewriteEngine On
# Don't switch protocols
RewriteCond %{HTTPS} =on
RewriteRule ^(.+)$ - [env=myproto:https]
RewriteCond %{HTTPS} !=on
RewriteRule ^(.+)$ - [env=myproto:http]
# Remove trailing dot
RewriteCond %{HTTP_HOST} ^(.*)\.$
RewriteRule ^(.*)$ %{ENV:myproto}://%1$1 [R=301,L]
Craig
_______________________________________________
dns-operations mailing list
dns-operations at lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
dns-jobs mailing list
https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4803 bytes
Desc: not available
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20150608/cb8db6dd/attachment.bin>
More information about the dns-operations
mailing list