Apache-2.4
Apache 在 SSL 上忽略的 RewriteEngine 規則
我在 CentOS 7.6 上使用標準的 Apache 2.4.6-88 包,使用 HTTP 有一個可用的 Apache 設置。我正在嘗試在伺服器上啟用 HTTPS,一切正常,除了我的 RewriteEngine 規則。我在任何地方都找不到關於 mod_ssl 不支持 RewriteEngine 的任何提及。
我通過安裝 mod_ssl 包啟用了 HTTPS,而 Apache 現在在同一個設置中同時提供 HTTP 和 HTTPS。中有一個
VirtualHost
聲明/etc/httpd/conf.d/ssl.conf
,我沒有碰過。我的配置的相關部分如下所示:# Set up Apache proxying ProxyRequests Off ProxyPreserveHost Off # URLs to handle locally # Apache built-ins ProxyPass /icons ! ProxyPassReverse /icons ! # Handle local URLs through Apache RewriteEngine On RewriteRule ^/$ /index.cgi [L] RewriteRule ^/favicon.ico /ssg/favicon.cgi [L,R] ProxyPass /ssg ! ProxyPassReverse /ssg ! ProxyPass /index.cgi ! ProxyPassReverse /index.cgi ! ProxyPass /robots.txt ! ProxyPassReverse /robots.txt ! # Hand off everything else to the Varnish backend, which will in turn # forward to the appropriate backend server process. ProxyPass / http://localhost:6081/ retry=0 ProxyPassReverse / http://localhost:6081/
代理部分工作,除了“ProxyPass!”列出的那些之外的所有 URL 規則被移交給 Varnish 後端。
但是,重寫部分僅適用於 HTTP。所以
http://myip/
將重定向到http://myip/index.cgi
和http://myip/favicon.ico
到http://myip/ssg/favicon.cgi
。在 HTTPS 上,它不起作用,而是被代理到 Varnish 後端(它會立即報告錯誤)。我一定在這裡遺漏了一些明顯的東西,但我一生都無法弄清楚是什麼。
啟用非常詳細的日誌,似乎完全忽略了 RewriteRule 部分:
[Fri Dec 14 13:38:30.248204 2018] [core:trace5] [pid 90883] protocol.c(647): [client 10.0.30.15:54280] Request received from client: GET / HTTP/1.1 [Fri Dec 14 13:38:30.248282 2018] [ssl:debug] [pid 90883] ssl_engine_kernel.c(225): [client 10.0.30.15:54280] AH02034: Initial (No.1) HTTPS request received for child 21 (server fe80::c9d0:5dd9:c7ed:2045:443) [Fri Dec 14 13:38:30.248297 2018] [http:trace4] [pid 90883] http_request.c(312): [client 10.0.30.15:54280] Headers received from client: [Fri Dec 14 13:38:30.248301 2018] [http:trace4] [pid 90883] http_request.c(316): [client 10.0.30.15:54280] Host: 10.0.28.168 [Fri Dec 14 13:38:30.248303 2018] [http:trace4] [pid 90883] http_request.c(316): [client 10.0.30.15:54280] Connection: keep-alive [Fri Dec 14 13:38:30.248305 2018] [http:trace4] [pid 90883] http_request.c(316): [client 10.0.30.15:54280] Cache-Control: max-age=0 [Fri Dec 14 13:38:30.248308 2018] [http:trace4] [pid 90883] http_request.c(316): [client 10.0.30.15:54280] Authorization: Digest username=\\"admin\\", realm=\\"Software Activation\\", nonce=\\"redacted\\", uri=\\"/\\", algorithm=MD5, response=\\"redacted\\", qop=auth, nc=0000002d, cnonce=\\"redacted\\" [Fri Dec 14 13:38:30.248310 2018] [http:trace4] [pid 90883] http_request.c(316): [client 10.0.30.15:54280] Upgrade-Insecure-Requests: 1 [Fri Dec 14 13:38:30.248312 2018] [http:trace4] [pid 90883] http_request.c(316): [client 10.0.30.15:54280] User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.85 Safari/537.36 Vivaldi/2.2.1388.21 [Fri Dec 14 13:38:30.248315 2018] [http:trace4] [pid 90883] http_request.c(316): [client 10.0.30.15:54280] DNT: 1 [Fri Dec 14 13:38:30.248316 2018] [http:trace4] [pid 90883] http_request.c(316): [client 10.0.30.15:54280] Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 [Fri Dec 14 13:38:30.248328 2018] [http:trace4] [pid 90883] http_request.c(316): [client 10.0.30.15:54280] Accept-Encoding: gzip, deflate, br [Fri Dec 14 13:38:30.248383 2018] [http:trace4] [pid 90883] http_request.c(316): [client 10.0.30.15:54280] Accept-Language: sv,en-US;q=0.9,en;q=0.8,nb;q=0.7 [Fri Dec 14 13:38:30.248513 2018] [authz_core:debug] [pid 90883] mod_authz_core.c(835): [client 10.0.30.15:54280] AH01628: authorization result: granted (no directives) [Fri Dec 14 13:38:30.248542 2018] [core:trace3] [pid 90883] request.c(304): [client 10.0.30.15:54280] request authorized without authentication by access_checker_ex hook: / [Fri Dec 14 13:38:30.248577 2018] [proxy_http:trace1] [pid 90883] mod_proxy_http.c(60): [client 10.0.30.15:54280] HTTP: canonicalising URL //localhost:6081/ [Fri Dec 14 13:38:30.248640 2018] [proxy:trace2] [pid 90883] proxy_util.c(1985): [client 10.0.30.15:54280] http: found worker http://localhost:6081/ for http://localhost:6081/ [Fri Dec 14 13:38:30.248657 2018] [proxy:debug] [pid 90883] mod_proxy.c(1123): [client 10.0.30.15:54280] AH01143: Running scheme http handler (attempt 0)
一位同事終於為我指出了正確的方向。我發現我需要
RewriteOptions Inherit
在 ssl.conf 文件的 VirtualHost 部分中添加。代理規則預設繼承,重寫選項不繼承。