Closed Bug 1063394 Opened 11 years ago Closed 10 years ago

buglist.cgi redirection does not work for bugzilla server behind reverse web proxy

Categories

(Bugzilla :: Query/Bug List, defect)

Product:
Bugzilla
Component:
Query/Bug List
Version:
4.5.5
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1258187

People

(Reporter: stonezhong, Unassigned)

Details

Attachments

(2 files)

Bugzilla/CGI.pm.patch
1.26 KB, patch
Details | Diff | Splinter Review
Make this bug appear with tomcat
1.24 KB, application/zip
Details
User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:26.0) Gecko/20100101 Firefox/26.0 Build ID: 20131224163557 Steps to reproduce: Here is my configuration: bugzilla.mycompany.com is a reverse web proxy, it has httpd runs on port 443, it has an entry like: <VirtualHost *:443> ServerName bugzilla.mycompany.com <Location /> Order allow,deny Allow from all ProxyPass http://bugzilla.internaldomain.local/ ProxyPassReverse http://bugzilla.internaldomain.local/ </Location> SSLEngine On SSLProxyEngine On SSLCertificateFile /etc/httpd/certs/bugzilla.mycompany.com.crt SSLCertificateKeyFile /etc/httpd/certs/bugzilla.mycompany.com.key SSLCertificateChainFile /etc/httpd/certs/ca.crt </VirtualHost> bugzilla.internaldomain.local is a machine has bugzilla installed and listens on port 80, however, urlbase has been set to https://bugzilla.mycompany.com/bugzilla/ Now, if the browser click a saved search, the link is "https://bugzilla.mycompany.com/bugzilla/buglist.cgi?cmdtype=runnamed&namedcmd=foo", it redirect to "http://bugzilla.mycompany.com/bugzilla/buglist.cgi?cmdtype=runnamed&namedcmd=foo". This does not work since on reverse proxy, user can only use https, not http. Actual results: Now, if the browser click a saved search, the link is "https://bugzilla.mycompany.com/bugzilla/buglist.cgi?cmdtype=runnamed&namedcmd=foo", it redirect to "http://bugzilla.mycompany.com/bugzilla/buglist.cgi?cmdtype=runnamed&namedcmd=foo". This does not work since on reverse proxy, user can only use https, not http. Expected results: It should stick with https. It seems the bug is in function redirect_search_url (in Bugzilla/CGI.pm): since the reverse proxy talks to bugzilla sever using http, so $self_url is http, not https, however, since I have already set the urlbase, it should respect the https I set in urlbase, instead of using the url bugzilla receives. my $self_url = $self->self_url(); # hacked by Stone Zhong since my bugzilla is behind a reverse proxy using https $self_url =~s/^http/https/; if ($self->request_method() ne 'POST' or length($self_url) < CGI_URI_LIMIT) { print $self->redirect(-url => $self_url); exit; }
Well, I got a workaround, which is to config another redirect in my reverse web proxy: <VirtualHost *:80> ServerName bugzilla.mycompany.com Redirect permanent / https://bugzilla.mycompany.com/ </VirtualHost> This seems fixed my problem.
Component: Bugzilla-General → Query/Bug List
I have similar problem with bugzilla 4.2.6, 4.4.0 , 3.6.3: My configuration of external proxy server redirect http to https: <VirtualHost external_IP:80> ServerName bugzilla.mycompany.com ServerAlias www.bugzilla.mycompany.com Redirect / https://bugzillanagios.mycompany.com </VirtualHost> and https virtual host: <VirtualHost external_IP:443> ServerName bugzilla.mycompany.com LogLevel crit CustomLog /var/log/httpd/bugzilla-ssl.log combined ErrorLog /var/log/httpd/bugzilla-ssl.error DirectoryIndex index.cgi SSLCertificateFile /etc/httpd/cert/server.pem SSLCertificateKeyFile /etc/httpd/cert/server.key SSLEngine On SSLProxyEngine On ProxyPass http://10.20.20.20/bugzilla/ ProxyPassReverse http://10.20.20.20/bugzilla/ </VirtualHost> IP: 10.20.20.20 is my internal server with bugzilla installation. Everything works perfect except My bugs link: when i click to this link i get bad address in response from server (with bugzilla subfolder in link) : https://bugzilla.mycompany.com/bugzilla/buglist.cgi?resolution=---&emailassigned_to1=1&emailr..... instead of: https://bugzilla.mycompany.com/buglist.cgi?resolution=---&emailassigned_to1=1&emailr..... Can someone help me solve this problem Is it problem with higher CGI module (i have CGI.pm 4.04) Or i have to add RewriteRule to my apache config ?
in VirtualHost section i have : ProxyPass / http://10.20.20.20/bugzilla/ ProxyPassReverse / http://10.20.20.20/bugzilla/ sorry for literal lapse.
Since this is still a problem in 5.0, this patch attempts to resolve the issue by using the "redirect_to_urlbase" method in "redirect_search_url". This solves the issue for me :)
The proposed patch probably has the inconvenient, that for "normal" installations a redirect from SSL to non-SSL is done. Would a relative redirect solve all problems? (Should work for HTTP/1.1 capable clients - should compatability for HTTP/1.0 clients be retained?) The "bug" also appears for installation in Tomcat with SSL.
I hadn't looked at this bug before, but it sounds like a misconfiguration, considering that many bugzilla installs are behind reverse proxies (including this one).
Looks like this problem has been fixed in master, see bug 1258187. Could someone apply the patch attached there and report if it fixes your problem?
From my understanding the proposed fix from bug 1258187 makes sense. But the method name "redirect_to_urlbase" and the documentation at the end of Bugzilla/CGI.pm ---- =item C<redirect_to_urlbase> Redirects from the current URL to one prefixed by the urlbase parameter." ---- are not as precise as they could be. At first read I thought, they will always redirect to urlbase, but in fact they may redirect to sslbase as well. I just tested the fix from bug 1258187, and it works for me. I have - Bugzilla 5.0.2 - urlbase set to https URL (same as sslbase) - ssl_redirect set to off
Thanks for the feedback. Marking this bug as a duplicate as this issue is fixed in bug 1258187.
Status: UNCONFIRMED → RESOLVED
Closed: 10 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: