APAR status
Closed as program error.
Error description
User is checking whether a request arrived over HTTPS indirectly by checking if the local server port is 443 with 'RewriteCond %{SERVER_PORT} =443'. When the ServerName does not contain an explicit port number, the check fails. Note that the preferred method is to check %{ENV:HTTPS"} =ON, however %{SERVER_PORT} should reflect the proper value regardless.
Local fix
For relief, the preferred mechanism to do this (in order) is one of: 1) Put your https-to-http rewrite rules exclusively in SSL-enabled virtual hosts, so they do not need to check the port or protocol. 2) Check the "HTTPS" indicator available directly to rewrite: RewriteCond %{ENV:HTTPS} =ON [NC] 3) Supply the port as part of the ServerName in the virtual host.
Problem summary
**************************************************************** * USERS AFFECTED: IBM HTTP Server users with SSL enabled and * * mod_setenvif or mod_rewrite directives that consult the * * internal "SERVER_PORT" variable at runtime in virtualhosts * * whose ServerName directive does not contain a port number. * **************************************************************** * PROBLEM DESCRIPTION: %{SERVER_PORT} returns "80" instead of * * "443" for SSL virtualhosts. * **************************************************************** * RECOMMENDATION: Apply this fix if your ruleset requires the * * local port info in a RewriteCond instead of checking * * %{ENV:HTPS} directly (preferred). * **************************************************************** In addition to the mod_rewrite impact, some third-party modules may consume the same API for determining the server port and they will see the same benefit after the fix. A workaround for these modules is to always use a port number on the ServerName directive.
Problem conclusion
mod_ibm_ssl now implements the Apache callback that determines the correct default port for a request, in the same fashion as mod_ssl does in Apache HTTP Server. This fix is targeted for IHS fixpacks: - 6.0.2.37 - 6.1.0.27 - 7.0.0.7
Temporary fix
Comments
APAR Information
APAR number
PK87590
Reported component name
IBM HTTP SERVER
Reported component ID
5724J0801
Reported release
61W
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2009-05-29
Closed date
2009-05-29
Last modified date
2009-08-20
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
IBM HTTP SERVER
Fixed component ID
5724J0801
Applicable component levels
R60A PSN
UP
R60H PSN
UP
R60I PSN
UP
R60P PSN
UP
R60S PSN
UP
R60W PSN
UP
R60Z PSN
UP
R61A PSN
UP
R61H PSN
UP
R61I PSN
UP
R61P PSN
UP
R61S PSN
UP
R61W PSN
UP
R61Z PSN
UP
R700 PSN
UP
[{"Line of Business":{"code":"LOB45","label":"Automation"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSEQTJ","label":"IBM HTTP Server"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"6.1"}]
Document Information
Modified date:
07 September 2022