#2646 Redirection problem

Development CVS
open
nobody
Website (6)
5
2009-06-19
2009-06-19
No

Squirrelmail version : 1.4.15-4+lenny2
Platform : Linux, Debian lenny

I'm using squirrelmail on a quite unusual setup. Apache https is running on port 8043. Requests coming on port 443 are redirected to port 8043 on the server (using a dumb proxy, should be the same with iptables).

During browsing, sometimes the client is redirected (header(location:xxx) to port 8043, which obviously won't work if there is a paranoïd firewall between the client and the server. From my investigation, this comes from the following code :

functions/strings.php, lines 328+

if (strpos($host, ':') === FALSE) {
if (sqgetGlobalVar('SERVER_PORT', $server_port, SQ_SERVER)) {
if (($server_port != 80 && $proto == 'http://') ||
($server_port != 443 && $proto == 'https://' &&
strcasecmp($forwarded_proto, 'https') !== 0)) {
$port = sprintf(':%d', $server_port);
}
}
}

The HTTP RFC states that the port may be omitted in the host header *if it is the default port*. Thus, squirrelmail should use the default port for the redirection, not the server port (which may, for some reasons like reverse proxies, not be the same as the port used by the client).

There is a patch proposal :

if (strpos($host, ':') === FALSE) { /* no port was specified by client, use default ports */
$port = '';
}

Discussion


Log in to post a comment.