Re: [dns-operations] bug in Apache handling of real FQDNs

Craig Leres Sat, 06 Jun 2015 15:22:58 -0700

On 6/6/2015 10:56 AM, Fred Morris wrote:
> By "real" I mean "really fully qualified", as in "ending in a dot".
> 
> Try this:
> 
>   https://apache.org.
> 
> Take note of the final dot. (Try https://apache.org./foo if you like.) In any 
> case what you'll see is:
> 
> 1) You get asked to accept an untrusted cert.
> 
> 2) You get 400 Bad Request.
> 
> Thoughts? Comments? Worth reporting?


Here are apache rewrite rules that redirect to the url without the
trailing dot:

    RewriteEngine On

    # Don't switch protocols
    RewriteCond %{HTTPS} =on
    RewriteRule ^(.+)$ - [env=myproto:https]
    RewriteCond %{HTTPS} !=on
    RewriteRule ^(.+)$ - [env=myproto:http]

    # Remove trailing dot
    RewriteCond %{HTTP_HOST} ^(.*)\.$
    RewriteRule ^(.*)$ %{ENV:myproto}://%1$1 [R=301,L]

                Craig
_______________________________________________
dns-operations mailing list
dns-operations@lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
dns-jobs mailing list
https://lists.dns-oarc.net/mailman/listinfo/dns-jobs

Re: [dns-operations] bug in Apache handling of real FQDNs

Reply via email to