Using https in web interface results sometimes in "Bad Request"


#1

Hello,

I recently installed RT 3.8.4 on our FreeBSD server. And everything
seems to work correctly.

Except for some actions in the Web user interface when using https (thus
using https://rt.example.com).

For example, when I am on the home page
https://rt.example.com/index.html (and logged on as a non-root user),
and I want to take a new ticket.

I cannot locate the problem. I briefly looked into the
…/html/Ticket/Display.html file, but couldn’t find an obvious reason.

I configured Set($WebDomain , 'rt.example.com'); and left the
$WebBaseURL untouched (thus the default setting selecting on port 443
for using https).

Anybody a clue how to solve this? Again, with editing the URL from http
to https in the location bar of the web browser seems to work correctly,
I rather have it corrected in the RT setup.

Thanks,

– Benno

Benno J. Overeinder
NLnet Labs
http://www.nlnetlabs.nl/


#2

Hello,

I recently installed RT 3.8.4 on our FreeBSD server. And everything
seems to work correctly.

Except for some actions in the Web user interface when using https (thus
using https://rt.example.com).

Anybody a clue how to solve this? Again, with editing the URL from http
to https in the location bar of the web browser seems to work correctly,
I rather have it corrected in the RT setup.

In reply to my own post, I found out that two other postings to this
email list report the same (or similar) problem. But unfortunately,
both without any replies or solutions.

After reading some other postings on redirection and problems with https
and port 80/443, I looked into the Perl file RT/Interface/Web.pm. The
problem seems the code starting at line 194 in subroutine Redirect (for
RT 3.8.4):

    if ( defined $ENV{HTTPS} and $ENV{'HTTPS'} eq 'on' ) {
        $uri->scheme('https');
    }
    else {
        $uri->scheme('http');
    }

    # [rt3.fsck.com #12716] Apache recommends use of $SERVER_HOST
    $uri->host( $ENV{'SERVER_HOST'} || $ENV{'HTTP_HOST'} );
    $uri->port( $ENV{'SERVER_PORT'} );

The “if” statement here seems to be always false, even if one does use
https. Checking the value of HTTPS shows it is always undefined
(empty). Is this a problem with RT and Apache2 interaction? Should
Apache2 set the HTTPS environment variable?

– Benno

Benno J. Overeinder
NLnet Labs
http://www.nlnetlabs.nl/


#3

Do you use both http and https?

On Thu, Jul 16, 2009 at 5:53 PM, Benno Overeinder benno@nlnetlabs.nl wrote:

On 7/15/09 8:23 PM, Benno Overeinder wrote:

Hello,

I recently installed RT 3.8.4 on our FreeBSD server. And everything
seems to work correctly.

Except for some actions in the Web user interface when using https (thus
using https://rt.example.com).

Anybody a clue how to solve this? Again, with editing the URL from http
to https in the location bar of the web browser seems to work correctly,
I rather have it corrected in the RT setup.

In reply to my own post, I found out that two other postings to this
email list report the same (or similar) problem. But unfortunately,
both without any replies or solutions.

After reading some other postings on redirection and problems with https
and port 80/443, I looked into the Perl file RT/Interface/Web.pm. The
problem seems the code starting at line 194 in subroutine Redirect (for
RT 3.8.4):

   if ( defined $ENV{HTTPS} and $ENV{'HTTPS'} eq 'on' ) {
       $uri->scheme('https');
   }
   else {
       $uri->scheme('http');
   }

   # [rt3.fsck.com #12716] Apache recommends use of $SERVER_HOST
   $uri->host( $ENV{'SERVER_HOST'} || $ENV{'HTTP_HOST'} );
   $uri->port( $ENV{'SERVER_PORT'} );

The “if” statement here seems to be always false, even if one does use
https. Checking the value of HTTPS shows it is always undefined
(empty). Is this a problem with RT and Apache2 interaction? Should
Apache2 set the HTTPS environment variable?

– Benno


Benno J. Overeinder
NLnet Labs
http://www.nlnetlabs.nl/



Best regards, Ruslan.


#4

Hi Ruslan,

On 07/16/2009 10:42 PM, Ruslan Zakirov wrote:

Do you use both http and https?

Yes, for testing purposes I have used both http and https. http works
fine, also for the Redirect subroutine in Web.pm.

For testing/debugging, I have removed the if-then-else statement and
just hardcoded the $uri->scheme('https') in Redirect. Then https works
like a charm, but now using http and a redirect happens, http is
promoted to https by the hardcoded $uri->scheme('https'). As expected
of course. :-)

Best,

– Benno

Benno J. Overeinder
NLnet Labs
http://www.nlnetlabs.nl/


#5

Benno,

Thanks for the investigation - that throws more light on it. We were using http internally and https externally - I think I may just patch my systems as per your test and use https 100% of the time, the server is not particularly heavily loaded so it should not be a big problem. How did you decide to proceed and have you had any more feedback on the “if” statement?

Best regards

James

From: rt-users-bounces@lists.bestpractical.com [mailto:rt-users-bounces@lists.bestpractical.com] On Behalf Of Benno Overeinder
Sent: 17 July 2009 16:45
To: Ruslan Zakirov
Cc: rt-users@lists.bestpractical.com
Subject: Re: [rt-users] Using https in web interface results sometimes in “Bad Request”

Hi Ruslan,


#6

James,

On 8/25/09 9:47 AM, James J. Oliver wrote:

Thanks for the investigation - that throws more light on it. We were using http internally and https externally - I think I may just patch my systems as per your test and use https 100% of the time, the server is not particularly heavily loaded so it should not be a big problem. How did you decide to proceed and have you had any more feedback on the “if” statement?

Thank you for looking into unintended https/http switch. As we (at our
lab) travel quite frequently and hook up to different wireless networks,
we try to access our service via https/ssl/tls/…

I did not receive any more feedback on the “if” statement. The way we
proceed is quite simple, actually. If with an action a redirect of
http://…:443/… occurs, we just correct the url in the browser to
https://…:443/… Everything goes fine after that, including the
confirmation that the action is processed.

For convenience, I can hard code $uri->scheme('https'), which is fine
for our workflow.

Thanks,

– Benno

Benno J. Overeinder
NLnet Labs
http://www.nlnetlabs.nl/


#7

Thanks Benno - I’ll let you know how I get on. I am a bit surprised that only one person other than you and me has noticed this issue!

From: Benno Overeinder [mailto:benno@NLnetLabs.nl]
Sent: 26 August 2009 20:14
To: James J. Oliver
Cc: 'Ruslan Zakirov'; 'rt-users@lists.bestpractical.com'
Subject: Re: [rt-users] Using https in web interface results sometimes in “Bad Request”

James,


#8

Benno,

I’m just writing to say thanks. I was having this issue because I’m using nginx and didn’t configure it to pass the https variable to fastcgi.

Though I didn’t find those lines, this post gave me a clue and added this to the nginx config:

    fastcgi_param HTTPS $https;

Problem fixed!
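
The following is an added example, not part of any post above and not RT's own code: it repeats the scheme/host/port logic quoted in post #2 inside a hypothetical helper, `redirect_target()`, and runs it against three constructed environments to show how a missing `HTTPS` variable produces the `http://…:443/…` redirect described in post #6. It assumes the `URI` module is installed.

```perl
#!/usr/bin/env perl
# Added illustration, not RT source. redirect_target() is a hypothetical helper
# that repeats the scheme/host/port logic quoted from RT 3.8.4's Redirect.
use strict;
use warnings;
use URI;

sub redirect_target {
    my ( $env, $path ) = @_;
    my $uri = URI->new("http://placeholder$path");

    # Same test as the quoted code: only an explicit HTTPS=on selects https.
    if ( defined $env->{HTTPS} and $env->{HTTPS} eq 'on' ) {
        $uri->scheme('https');
    }
    else {
        $uri->scheme('http');
    }
    $uri->host( $env->{SERVER_HOST} || $env->{HTTP_HOST} );
    $uri->port( $env->{SERVER_PORT} );

    # canonical() drops the port only when it is the default for the scheme.
    return $uri->canonical->as_string;
}

# Constructed environments: two TLS requests on port 443 and one plain request.
my @cases = (
    [ 'TLS, HTTPS passed to the app' =>
          { HTTPS => 'on', HTTP_HOST => 'rt.example.com', SERVER_PORT => 443 } ],
    [ 'TLS, HTTPS not passed' =>
          { HTTP_HOST => 'rt.example.com', SERVER_PORT => 443 } ],
    [ 'plain http' =>
          { HTTP_HOST => 'rt.example.com', SERVER_PORT => 80 } ],
);

for my $case (@cases) {
    my ( $label, $env ) = @$case;
    my $target = redirect_target( $env, '/Ticket/Display.html?id=1' );

    # An http:// URL aimed at port 443 sends a plaintext request to the TLS listener.
    my $note = ( $target =~ m{^http://[^/]+:443(?:/|$)} )
        ? '  <-- plain HTTP to the TLS port ("Bad Request")'
        : '';
    printf "%-30s %s%s\n", $label, $target, $note;
}
```

Only the second case yields an `http://` URL on port 443; setting `fastcgi_param HTTPS $https;` as in post #8 turns that case into the first one.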