[Bug 63357] New: Allowing generated URLs to be relative

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

[Bug 63357] New: Allowing generated URLs to be relative

Bugzilla from bugzilla@apache.org

            Bug ID: 63357
           Summary: Allowing generated URLs to be relative
           Product: Apache httpd-2
           Version: 2.4-HEAD
          Hardware: All
                OS: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: All
          Assignee: [hidden email]
          Reporter: [hidden email]
  Target Milestone: ---

Various parts of httpd currently generate the Location response header and
other links as absolute URLs, even when the input (e.g., in a Redirect
directive) is a relative URL, using a call to ap_construct_url().

This can cause operational difficulties for the site if it's deployed with a
reverse proxy or CDN in front of it.

E.g., if the outward-facing site is www.example.com and the origin has a
separate name, origin.example.com, the reverse proxy/CDN will need to rewrite
Location headers and other generated URLs to match the outward-facing site.

RFC7231 specified that relative URLs are allowed in the Location header,
recognising that this was universally supported:


So, it would be very helpful if Apache were to allow these URLs to be generated
as relative, rather than forcing them to be absolute. This would avoid not only
configuration problems when sitting behind a CDN or reverse proxy, but also
avoid the need to rewrite headers, allowing the site to be served more

If changing behaviour is a concern, this could be put behind a configuration
option, although the default should be to allow relative URLs.

AFAICT the affected modules are:

- mod_dav - Location generation in dav_created()
- mod_alias - Location generation in translate_alias_redir() and fixup_redir()
- mod_dir - Location generation in fixup_dir() x2
- mod_imagemap - image map generation in imap_url() x2
- mod_speling - Location generation in check_speling()

You are receiving this mail because:
You are the assignee for the bug.
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]