nik/FreedomBox
1
0
Fork 0
mirror of https://github.com/freedombox/FreedomBox.git synced 2026-01-21 07:55:00 +00:00
Code Issues Packages Projects Releases Wiki Activity

apache: Don't redirect to HTTPS for .onion domains

Browse Source 
Tests:

- Without the patch, run torsocks curl -kv http://DOMAIN.onion. Observe that
redirection to https happens.

- Without the patch, run curl -kv http://localhost. Observe that redirection to
https happens.

- With the patch, run torsocks curl -kv http://DOMAIN.onion. Observe that
redirection to https does not happen.

- With the patch, run curl -kv http://localhost. Observe that redirection to
https happens.

[sunil: Perform case insensitive match]
[sunil: Remove capture of domain name match]
[sunil: Strictly check that domain ends with .onion]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Tested-by: Sunil Mohan Adapa <sunil@medhas.org>
This commit is contained in:
Benedek Nagy 2022-01-15 23:49:50 +00:00 committed by Sunil Mohan Adapa
parent 44bff730f3
commit e7399a4d8e
No known key found for this signature in database
GPG Key ID: 43EA1CFF0AA7C5F2
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
data/etc/apache2/sites-available/plinth-ssl.conf
View File

@ -10,6 +10,9 @@
##
<Location /plinth>
RewriteEngine on
# Don't redirect for onion sites as it is not needed and leads to
# unnecessary warning.
RewriteCond %{HTTP_HOST} !^.*\.onion$ [NC]
ReWriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</Location>