From 714394efe3a4fc4aa8eac02f4de5823dad561fc0 Mon Sep 17 00:00:00 2001 From: Luca Toscano Date: Wed, 20 Sep 2017 13:03:41 +0000 Subject: [PATCH] mod_rewrite,core: avoid Vary:Host (part 2) This is a follow up of r1808746 after a chat with Yann on dev@: - the HTTP:Host variable suffers from the same problem - the strcasecmp should be used to allow case-sensitive comparisons. - in mod_rewrite is less cumbersome and more clean to just make the Host header check in lookup_header, so it will be automatically picked up by every part of the code that uses it. It shouldn't be a relevant overhead for mod_rewrite. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1809028 13f79535-47bb-0310-9956-ffa450edef68 --- CHANGES | 2 +- modules/mappers/mod_rewrite.c | 10 +++++----- server/util_expr_eval.c | 9 +++++++-- 3 files changed, 13 insertions(+), 8 deletions(-) diff --git a/CHANGES b/CHANGES index 6c49864344..2e6b9ea8da 100644 --- a/CHANGES +++ b/CHANGES @@ -5,7 +5,7 @@ Changes with Apache 2.5.0 PR 38923 [Nick Kew] *) mod_rewrite, core: Avoid the 'Vary: Host' response header when HTTP_HOST is - used in a condition that evaluates to true. PR 58231 [Luca Toscano] + used in a condition that evaluates to true. PR 58231 [Luca Toscano, Yann Ylavic] *) mod_md: v0.9.6: a "MDRequireHttps permament" configured domain automatically sends out HSTS (rfc 6797) headers in https: responses. [Stefan Eissing] diff --git a/modules/mappers/mod_rewrite.c b/modules/mappers/mod_rewrite.c index e94a65641c..bc8f52d610 100644 --- a/modules/mappers/mod_rewrite.c +++ b/modules/mappers/mod_rewrite.c @@ -1808,7 +1808,10 @@ static const char *lookup_header(const char *name, rewrite_ctx *ctx) { const char *val = apr_table_get(ctx->r->headers_in, name); - if (val) { + /* Skip the 'Vary: Host' header combination + * as indicated in rfc7231 section-7.1.4 + */ + if (val && strcasecmp(name, "Host") != 0) { ctx->vary_this = ctx->vary_this ? apr_pstrcat(ctx->r->pool, ctx->vary_this, ", ", name, NULL) 
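Review bot: The new guard in lookup_header decides whether a request header is listed in Vary by calling `strcasecmp`, whose result is only specified in the POSIX locale. httpd's `ap_cstr_casecmp` does a locale-independent ASCII comparison and would keep this cache-relevant decision deterministic: `if (val && ap_cstr_casecmp(name, "Host") != 0) {`. The same applies to `strcasecmp(arg, "Host")` in req_table_func and `strcasecmp(name, "Host")` in req_header_var_fn, both in the util_expr_eval.c hunks. Whether the server can run under a non-C locale is not visible here, so this is hardening rather than a confirmed bug. lookup_header's body continues past the end of the hunk.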
@@ -2035,10 +2038,7 @@ static char *lookup_variable(char *var, rewrite_ctx *ctx) case 'S': if (!strcmp(var, "HTTP_HOST")) { - /* Skip the 'Vary: Host' header combination - * as indicated in rfc7231 section-7.1.4 - */ - result = apr_table_get(ctx->r->headers_in, "Host"); + result = lookup_header("Host", ctx); } break; diff --git a/server/util_expr_eval.c b/server/util_expr_eval.c index bf579d70cd..697bc4dcc0 100644 --- a/server/util_expr_eval.c +++ b/server/util_expr_eval.c @@ -1044,7 +1044,12 @@ static const char *req_table_func(ap_expr_eval_ctx_t *ctx, const void *data, t = ctx->r->headers_in; else { /* req, http */ t = ctx->r->headers_in; - add_vary(ctx, arg); + /* Skip the 'Vary: Host' header combination + * as indicated in rfc7231 section-7.1.4 + */ + if (strcasecmp(arg, "Host")){ + add_vary(ctx, arg); + } } return apr_table_get(t, arg); } @@ -1609,7 +1614,7 @@ static const char *req_header_var_fn(ap_expr_eval_ctx_t *ctx, const void *data) /* Skip the 'Vary: Host' header combination * as indicated in rfc7231 section-7.1.4 */ - if (strcmp(name, "Host")){ + if (strcasecmp(name, "Host")){ add_vary(ctx, name); } return apr_table_get(ctx->r->headers_in, name); -- 2.40.0
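Review bot: The Host exemption added to req_table_func duplicates the one in req_header_var_fn (last hunk), so any later caller of `add_vary` can bring `Vary: Host` back by omitting the check. This commit already puts the test in one place for mod_rewrite, inside lookup_header. Doing the same inside `add_vary` would keep the rule in a single spot, assuming no caller needs Host in Vary; that function is not shown in the diff. If the checks stay at the call sites, `if (strcasecmp(arg, "Host") != 0) {` would match the mod_rewrite form and the brace spacing of the surrounding code. The comment would also be more useful if it stated the reason, presumably that the host is already part of the request URI a cache keys on, rather than only citing the RFC section.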