From 90c6edccd9473213c2fd4826216891989234f47e Mon Sep 17 00:00:00 2001 From: Yann Ylavic Date: Fri, 13 Oct 2017 08:42:57 +0000 Subject: [PATCH] Merge r1808746, r1809028 from trunk: mod_rewrite/core: avoid the 'Vary: Host' header In PR 58231 is was brought up that httpd adds the Vary: Host header whenever a condition is set to true in mod_rewrite or in an block. The https://tools.ietf.org/html/rfc7231#section-7.1.4 section seems to disallow this use case: "The "Vary" header field in a response describes " "what parts of a request message, " "aside from the method, Host header field, [...]" I had a chat with the folks in #traffic-server and they don't see much point in having a Vary: Host header, plus it was reported that Varnish doesn't like it very much (namely it does not cache the response when it sees the header, links of the report in the PR). I don't see much value in this behavior of httpd so I am inclined to remove this response header value, but I'd be glad to get a more experienced opinion. mod_rewrite,core: avoid Vary:Host (part 2) This is a follow up of r1808746 after a chat with Yann on dev@: - the HTTP:Host variable suffers from the same problem - the strcasecmp should be used to allow case-sensitive comparisons. - in mod_rewrite is less cumbersome and more clean to just make the Host header check in lookup_header, so it will be automatically picked up by every part of the code that uses it. It shouldn't be a relevant overhead for mod_rewrite. Submitted by: elukey Reviewed by: elukey, ylavic, wrowe git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1812083 13f79535-47bb-0310-9956-ffa450edef68 --- CHANGES | 3 +++ STATUS | 7 ------- modules/mappers/mod_rewrite.c | 5 ++++- server/util_expr_eval.c | 14 ++++++++++++-- 4 files changed, 19 insertions(+), 10 deletions(-) diff --git a/CHANGES b/CHANGES index 401c3ca2a7..da19366288 100644 --- a/CHANGES +++ b/CHANGES @@ -1,6 +1,9 @@ -*- coding: utf-8 -*- Changes with Apache 2.4.29 + *) mod_rewrite, core: Avoid the 'Vary: Host' response header when HTTP_HOST + is used in a condition that evaluates to true. PR 58231 [Luca Toscano] + *) mod_http2: v0.10.12, removed optimization for mutex handling in bucket beams that could lead to assertion failure in edge cases. [Stefan Eissing] diff --git a/STATUS b/STATUS index bc444e1f55..d7ca61c81e 100644 --- a/STATUS +++ b/STATUS @@ -128,13 +128,6 @@ RELEASE SHOWSTOPPERS: PATCHES ACCEPTED TO BACKPORT FROM TRUNK: [ start all new proposals below, under PATCHES PROPOSED. ] - *) mod_rewrite,core: Avoid the 'Vary: Host' response header when HTTP_HOST - is used in a condition that evaluates to true. - trunk patch: http://svn.apache.org/r1808746 - http://svn.apache.org/r1809028 - 2.4.x patch: svn merge -c 1808746,1809028 ^/httpd/httpd/trunk . - +1: elukey, ylavic, wrowe - PATCHES PROPOSED TO BACKPORT FROM TRUNK: [ New proposals should be added at the end of the list ] diff --git a/modules/mappers/mod_rewrite.c b/modules/mappers/mod_rewrite.c index b5c73f7935..05414c49cc 100644 --- a/modules/mappers/mod_rewrite.c +++ b/modules/mappers/mod_rewrite.c @@ -1802,7 +1802,10 @@ static const char *lookup_header(const char *name, rewrite_ctx *ctx) { const char *val = apr_table_get(ctx->r->headers_in, name); - if (val) { + /* Skip the 'Vary: Host' header combination + * as indicated in rfc7231 section-7.1.4 + */ + if (val && strcasecmp(name, "Host") != 0) { ctx->vary_this = ctx->vary_this ? apr_pstrcat(ctx->r->pool, ctx->vary_this, ", ", name, NULL) diff --git a/server/util_expr_eval.c b/server/util_expr_eval.c index b1cb9235d1..a24eaef67b 100644 --- a/server/util_expr_eval.c +++ b/server/util_expr_eval.c @@ -1001,7 +1001,12 @@ static const char *req_table_func(ap_expr_eval_ctx_t *ctx, const void *data, t = ctx->r->headers_in; else { /* req, http */ t = ctx->r->headers_in; - add_vary(ctx, arg); + /* Skip the 'Vary: Host' header combination + * as indicated in rfc7231 section-7.1.4 + */ + if (strcasecmp(arg, "Host")){ + add_vary(ctx, arg); + } } return apr_table_get(t, arg); } @@ -1467,7 +1472,12 @@ static const char *req_header_var_fn(ap_expr_eval_ctx_t *ctx, const void *data) return ""; name = req_header_header_names[index]; - add_vary(ctx, name); + /* Skip the 'Vary: Host' header combination + * as indicated in rfc7231 section-7.1.4 + */ + if (strcasecmp(name, "Host")){ + add_vary(ctx, name); + } return apr_table_get(ctx->r->headers_in, name); } -- 2.40.0