HTTPS environment variable is set after .htaccess is parsed
on 01.03.2003 16:51:24 by cavok
hi again,
with reference to debian bug report #103609 [1], a debian user states
that HTTPS environment variable is still not set during the parsing
of .htaccess.
i'm quoting the relevant part from that report.
------------- CUT HERE ---------------
This ought to work in .htaccess:
order deny,allow
deny from all
allow from 127.0.0.1
allow from env=HTTPS
....
I can see the HTTPS environment variable in the output if I call
a cgi script that dumps the environment, so it's there, it's just
that somehow at the time that .htaccess is parsed it isn't available
to 'allow from env=' statements yet.
------------- CUT HERE ---------------
i reproduced it with apache 1.3.27 and mod_ssl 2.8.12. so, if it is a
bug, it is still present in most recent versions.
any comment?
cheers
cavok
[1] http://bugs.debian.org/103609
-----[ Domenico Andreoli, aka cavok
--[ http://filibusta.crema.unimi.it/~cavok/gpgkey.asc
---[ 3A0F 2F80 F79C 678A 8936 4FEE 0677 9033 A20E BC50
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org
Re: HTTPS environment variable is set after .htaccess is parsed
on 01.03.2003 17:02:22 by Cliff Woolley
On Sat, 1 Mar 2003, Domenico Andreoli wrote:
> order deny,allow
> deny from all
> allow from 127.0.0.1
> allow from env=HTTPS
Why do you need that env var? Use this instead:
order deny,allow
deny from all
allow from 127.0.0.1
SSLRequireSSL
--Cliff
Re: HTTPS environment variable is set after .htaccess is parsed
on 01.03.2003 17:16:11 by Cliff Woolley
On Sat, 1 Mar 2003, Domenico Andreoli wrote:
> dunno, bug submitter used it. shouldn't it work anyway?
Environment variables are, as a rule, set late in the process because the
use of them has a relatively large performance penalty. They're really
only there for communicating with CGI scripts and the like.
--Cliff
Re: HTTPS environment variable is set after .htaccess is parsed
on 01.03.2003 17:23:41 by cavok
On Sat, Mar 01, 2003 at 11:02:22AM -0500, Cliff Woolley wrote:
> On Sat, 1 Mar 2003, Domenico Andreoli wrote:
>
> > order deny,allow
> > deny from all
> > allow from 127.0.0.1
> > allow from env=HTTPS
>
> Why do you need that env var? Use this instead:
dunno, bug submitter used it. shouldn't it work anyway?
> order deny,allow
> deny from all
> allow from 127.0.0.1
> SSLRequireSSL
>
i'll forward him your answer.
thanks
cavok
-----[ Domenico Andreoli, aka cavok
--[ http://filibusta.crema.unimi.it/~cavok/gpgkey.asc
---[ 3A0F 2F80 F79C 678A 8936 4FEE 0677 9033 A20E BC50
Re: HTTPS environment variable is set after .htaccess is parsed
on 01.03.2003 17:31:44 by cavok
On Sat, Mar 01, 2003 at 11:16:11AM -0500, Cliff Woolley wrote:
> On Sat, 1 Mar 2003, Domenico Andreoli wrote:
>
> > dunno, bug submitter used it. shouldn't it work anyway?
>
> Environment variables are, as a rule, set late in the process because the
> use of them has a relatively large performance penalty. They're really
> only there for communicating with CGI scripts and the like.
>
it sounds to me a clear explanation of the problem.
thanks again
domenico
-----[ Domenico Andreoli, aka cavok
--[ http://filibusta.crema.unimi.it/~cavok/gpgkey.asc
---[ 3A0F 2F80 F79C 678A 8936 4FEE 0677 9033 A20E BC50
Re: HTTPS environment variable is set after .htaccess is parsed
on 10.03.2003 19:25:38 by cavok
On Sat, Mar 01, 2003 at 11:02:22AM -0500, Cliff Woolley wrote:
> On Sat, 1 Mar 2003, Domenico Andreoli wrote:
>
> > order deny,allow
> > deny from all
> > allow from 127.0.0.1
> > allow from env=HTTPS
>
> Why do you need that env var? Use this instead:
>
>
> order deny,allow
> deny from all
> allow from 127.0.0.1
> SSLRequireSSL
>
>
after some thinking at it, i see your answer is not suitable for my
needs. indeed, yours mandates the use of SSL, while mine allowed access
from localhost *or* SSL.
i need something that can be put into allow directive...
thanks
cavok
-----[ Domenico Andreoli, aka cavok
--[ http://filibusta.crema.unimi.it/~cavok/gpgkey.asc
---[ 3A0F 2F80 F79C 678A 8936 4FEE 0677 9033 A20E BC50
Re: HTTPS environment variable is set after .htaccess is parsed
on 10.03.2003 20:49:50 by Cliff Woolley
On Mon, 10 Mar 2003, Domenico Andreoli wrote:
> > order deny,allow
> > deny from all
> > allow from 127.0.0.1
> > SSLRequireSSL
>
> after some thinking at it, i see your answer is not suitable for my
> needs. indeed, yours mandates the use of SSL, while mine allowed access
> from localhost *or* SSL.
Okay then, do this:
order deny,allow
deny from all
allow from 127.0.0.1
SSLRequireSSL
Satisfy any
--Cliff
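
The "localhost or SSL" rule this thread is after, as an added example that is not part of the original messages. It assumes Apache 2.4 or later with mod_authz_core and mod_ssl loaded, which postdates the apache 1.3.27 / mod_ssl 2.8.12 setup discussed above; the directory path is a placeholder.

```apache
# Added example; assumes Apache 2.4+ with mod_authz_core and mod_ssl loaded.
# "/var/www/private" is a placeholder path.
<Directory "/var/www/private">
    # Access is granted when at least one of the enclosed rules matches.
    <RequireAny>
        # Loopback clients may use plain HTTP.
        Require ip 127.0.0.1 ::1
        # Any other client must arrive over an SSL/TLS connection.
        Require ssl
    </RequireAny>
</Directory>
```

In a .htaccess file the `<RequireAny>` block is used without the `<Directory>` wrapper and needs `AllowOverride AuthConfig`.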