Remove all special mod_ssl URIs. This also fixes the bug where

redirecting (.*) will allow an SSL protected page to be viewed without SSL. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@95501 13f79535-47bb-0310-9956-ffa450edef68
2025-08-08 15:02:10 +03:00 · 2002-06-04 07:12:26 +00:00
parent fcb0beca86
commit 37f858acc6
5 changed files with 47 additions and 53 deletions
--- a/modules/ssl/ssl_engine_kernel.c
+++ b/modules/ssl/ssl_engine_kernel.c
@@ -174,6 +174,34 @@ int ssl_hook_ReadReq(request_rec *r)
        return DECLINED;
    }

+    if (sslconn->non_ssl_request) {
+        const char *errmsg;
+        char *thisurl;
+        char *thisport = "";
+        int port = ap_get_server_port(r);
+
+        if (!ap_is_default_port(port, r)) {
+            thisport = apr_psprintf(r->pool, ":%u", port);
+        }
+
+        thisurl = ap_escape_html(r->pool,
+                                 apr_psprintf(r->pool, "https://%s%s/",
+                                              ap_get_server_name(r),
+                                              thisport));
+
+        errmsg = apr_psprintf(r->pool,
+                              "Reason: You're speaking plain HTTP "
+                              "to an SSL-enabled server port.<br />\n"
+                              "Instead use the HTTPS scheme to access "
+                              "this URL, please.<br />\n"
+                              "<blockquote>Hint: "
+                              "<a href=\"%s\"><b>%s</b></a></blockquote>",
+                              thisurl, thisurl);
+
+        apr_table_setn(r->notes, "error-notes", errmsg);
+        return HTTP_BAD_REQUEST;
+    }
+
    /*
     * Get the SSL connection structure and perform the
     * delayed interlinking from SSL back to request_rec
@@ -182,13 +210,6 @@ int ssl_hook_ReadReq(request_rec *r)
        SSL_set_app_data2(ssl, r);
    }

-    /*
-     * Force the mod_ssl content handler when URL indicates this
-     */
-    if (strEQn(r->uri, "/mod_ssl:", 9)) {
-        r->handler = "mod_ssl:content-handler";
-    }
-
    return DECLINED;
 }

@@ -264,49 +285,6 @@ int ssl_hook_Translate(request_rec *r)
    return DECLINED;
 }

-/*
- *  Content Handler
- */
-int ssl_hook_Handler(request_rec *r)
-{
-    if (strNE(r->handler, "mod_ssl:content-handler")) {
-        return DECLINED;
-    }
-
-    if (strNEn(r->uri, "/mod_ssl:", 9)) {
-        return DECLINED;
-    }
-
-    if (strEQ(r->uri, "/mod_ssl:error:HTTP-request")) {
-        const char *errmsg;
-        char *thisurl;
-        char *thisport = "";
-        int port = ap_get_server_port(r);
-
-        if (!ap_is_default_port(port, r)) {
-            thisport = apr_psprintf(r->pool, ":%u", port);
-        }
-
-        thisurl = ap_escape_html(r->pool,
-                                 apr_psprintf(r->pool, "https://%s%s/",
-                                              ap_get_server_name(r),
-                                              thisport));
-
-        errmsg = apr_psprintf(r->pool,
-                              "Reason: You're speaking plain HTTP "
-                              "to an SSL-enabled server port.<br />\n"
-                              "Instead use the HTTPS scheme to access "
-                              "this URL, please.<br />\n"
-                              "<blockquote>Hint: "
-                              "<a href=\"%s\"><b>%s</b></a></blockquote>",
-                              thisurl, thisurl);
-
-        apr_table_setn(r->notes, "error-notes", errmsg);
-    }
-
-    return HTTP_BAD_REQUEST;
-}
-
 /*
 *  Access Handler
 */