Strange problem with simple search and SSL access

Hello,

I’ve a strange problem…we used to use mod_rewrite to change http to
https requests to RT when they came from a public interface. Up until I
upgraded from RT 3.2x to 3.6.3, this worked just fine…seemed to me
that Apache was doing the hard work via the rewrite. Now that I’ve
upgraded to 3.6.3, we have either an interesting problem
or I’ve missed something…or some combination of the two, or a bug.

When accessing via SSL and entering an alpha string in the text field -
for example, “LRN”, this works fine and the search returns a list of
tickets containing string LRN. Now, go back and instead of an alpha
string, enter just a number (ie, a ticket number) - this is where it
fails for me - the URL string is changing based on whether you’re
searching for a text string or just a number - I can see where this
discrimination happens in the
“share/html/Search/Simple.html” code:

if ($q =~ /^(\d+)$/) {

RT::Interface::Web::Redirect($RT::WebURL.“/Ticket/Display.html?id=”.$q);

}

But even when I remove/comment out and restart FCGI/Apache, same
problem…

Here are what the URL strings look like based on how/what is searched
for:

search for “8334” via the default “Search” field in MyRT via
https://tickets.foo.us created this string:
http://tickets.foo.us:443//Ticket/Display.html?id=8334

whereas search for LRN starting from the same https://tickets.foo.us
created
https://tickets.foo.us/Search/Simple.html?q=LRN

Big difference…and on the wrong one, if you add an “s” to the
http://, it works just fine - somewhere, somehow, it seems to me that RT
is doing something silly :slight_smile:

Any clues?

Thanks!
Mike

So, to answer my own question and to help anyone else that has this
issue in the future, in the RT/Interface/Web.pm Redirect sub, there is:

$uri->port($ENV{‘SERVER_PORT’});

I commented this line out, and now my Apache mod_rewrite voodoo is
handling things just fine (forcing https when http requests come in).
If there’s a more graceful way of doing this, I’d love to know :slight_smile:

Mike

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1On Wed, 11 Apr 2007 at 13:51 (-0700), Michael Schrimshaw wrote:

So, to answer my own question and to help anyone else that has this
issue in the future, in the RT/Interface/Web.pm Redirect sub, there is:

$uri->port($ENV{‘SERVER_PORT’});

I commented this line out, and now my Apache mod_rewrite voodoo is
handling things just fine (forcing https when http requests come in). If
there’s a more graceful way of doing this, I’d love to know :slight_smile:

Mike,

Thanks!

It turns out that my problem (described in earlier postings), whereby
Firefox returned an error popup when I tried a simple search, also is
fixed when I comment out the above line.

I suspect that what our problems have in common (though the symptoms are
quite different) is that RT code is making assumptions about the value of
$ENV{‘SERVER_PORT’} that are not always valid.

In particular, I’m running RT in a ‘virtual private server’ that sits
behind a web proxy server which is actually hosting the RT URL. I guess
the value of the environment variable ‘SERVER_PORT’ on the ‘inner’ apache
(that’s actually running RT) is being set to 80 even though the external
proxy is receiving connections on 443. In fact, my RT session cookie
still has an ‘80’ in it. But setting $uri->port to that value is not
going to be right since that’s not the port on which the connection is
taking place.

Anyway, when I comment out the above line, simple search works. Firefox
no longer puts up the pop-up message and Opera no longer hangs, but
produces the correct result.

Now, like you, I can’t help but feel that there’s a more ‘proper’ solution
to this than just removing that line of code. Perhaps the setting of
SERVER_PORT needs to be done differently via some configuration option.
But this is mere speculation.

Also, I notice that the affected code does not appear in earlier versions
of RT, at least not 3.4.2 or 3.4.5, both of which systems I’ve been
supporting without this problem.

Thanks again.

Mike

Mike Friedman Information Services & Technology
mikef@ack.Berkeley.EDU 2484 Shattuck Avenue
1-510-642-1410 University of California at Berkeley
Socrates and Berkeley Scholars Web Hosting Services Have Been Retired | Web Platform Services http://ist.berkeley.edu

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.8

iQA/AwUBRh+iJq0bf1iNr4mCEQK6UQCfRZUyaNo1wKp7eb907+HqT6epq3YAoItG
1eAQxY4VJvHAqFPywYctRiSd
=7SU2
-----END PGP SIGNATURE-----