| Anonymous | Login | 2024-05-04 01:11 EDT |  |
| Main | My View | View Issues | Change Log | Roadmap |
| View Issue Details [ Jump to Notes ] | [ Issue History ] [ Print ] | |||||||
| ID | Project | Category | View Status | Date Submitted | Last Update | |||
| 0001100 | PacketFence | captive portal | public | 2010-10-25 11:39 | 2015-02-13 15:39 | |||
| Reporter | obilodeau | |||||||
| Assigned To | ||||||||
| Priority | normal | Severity | minor | Reproducibility | always | |||
| Status | closed | Resolution | open | |||||
| Platform | OS | OS Version | ||||||
| Product Version | ||||||||
| Target Version | Fixed in Version | |||||||
| Summary | 0001100: not reaching proper external remediation pages if multiple from same domain | |||||||
| Description | There's a problem with the way we push external remediation pages in mod_rewrite config in apache. Since we don't order the statements from the tightest to the broadest then one could face an issue with that. For example in our integration tests (addons/integration-test) we have: [2010004] desc=Remediation external (domain) without auto_enable priority=8 actions=log,trap url=http://www.inverse.ca/ [^] disable=N trigger= auto_enable=N max_enable=0 [2010005] desc=Remediation external (path) with auto_enable priority=8 actions=log,trap url=https://www.inverse.ca/SOGo/ [^] disable=N trigger= auto_enable=Y max_enable=0 This will be genarated as:
# Rewrite rules generated for violation 2010004 external's URL
RewriteCond %{HTTP_HOST} www.inverse.ca
RewriteCond %{REQUEST_URI} ^/
RewriteRule ^(.*)$ http://www.inverse.ca/$1 [^] [P]
# Rewrite rules generated for violation 2010005 external's URL
RewriteCond %{HTTP_HOST} www.inverse.ca
RewriteCond %{REQUEST_URI} ^/SOGo/
RewriteRule ^(.*)$ https://www.inverse.ca/$1 [^] [P]
With the above config someone with a 2010005 violation will never hit www.inverse.ca with HTTPS because the first rewrite statement will catch it (the broadest inverse.ca one). | |||||||
| Tags | No tags attached. | |||||||
| fixed in git revision | ||||||||
| fixed in mtn revision | ||||||||
| Attached Files | ||||||||
 Relationships |
||||||
|
||||||
 Relationships |
|
Notes |
|
|
(0003784) lmunro (administrator) 2015-02-13 15:39 |
Closing old bugs. If we haven't fixed them in four years they are either not a bug, no longer relevant or not worth it. |
|
Notes |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 2010-10-25 11:39 | obilodeau | New Issue | |
| 2010-10-25 11:40 | obilodeau | Summary | external remediation pages => not reaching proper external remediation pages if multiple from same domain |
| 2010-10-25 15:07 | obilodeau | Relationship added | related to 0001024 |
| 2011-01-18 11:41 | obilodeau | Target Version | => 2.1.0 |
| 2011-03-03 15:15 | obilodeau | Target Version | 2.1.0 => +1 |
| 2011-03-03 15:18 | obilodeau | Target Version | +1 => +2 |
| 2015-02-13 15:39 | lmunro | Note Added: 0003784 | |
| 2015-02-13 15:39 | lmunro | Status | new => closed |
|
Issue History |
| Copyright © 2000 - 2012 MantisBT Group |
 |