Following my earlier post, I am redirecting from https://www to https://no-www.
I finally managed to create a wildcard certificate, *.website.com, which, together with rewrite rules, lets me redirect to https://website.com from an initial https://www.website.com.
Now I have run into another problem: my CGI scripts in the cgi-bin directory no longer work, for example: https://website.com/cgi-bin/awstats.pl
I am using the following rewrite rules to get from https://www.website.com to https://website.com (using the Zope framework behind Apache):
<VirtualHost *:443>
# Name
ServerAdmin admin@website.com
ServerName website.com
ServerAlias www.website.com
# LOG
CustomLog /var/log/apache2/access.log combined
# ACTIVATE SSL
SSLEngine On
SSLCertificateFile /etc/letsencrypt/live/website.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/website.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/website.com/chain.pem
# REWRITE
RewriteEngine On
RewriteCond %{REQUEST_URI} !^/cgi-bin/awstats [NC]
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ https://%1/$1 [R=301,L]
RewriteRule ^/(.*) https://localhost:8443/++vh++https:%{SERVER_NAME}:443/++/$1 [P,L]
SSLProxyEngine On
RequestHeader set Front-End-Https "On"
#CacheDisable *
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
Alias /awstatsclasses "/usr/share/awstats/lib/"
Alias /awstats-icon "/usr/share/awstats/icon/"
Alias /awstatscss "/usr/share/doc/awstats/examples/css"
<Directory "/usr/lib/cgi-bin/">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
SSLRequireSSL
</Directory>
</VirtualHost>
<VirtualHost *:80>
ServerAdmin admin@website.com
ServerName website.com
ServerAlias www.website.com
RewriteCond %{REQUEST_URI} ^/www\. [NC,OR]
RewriteCond %{REQUEST_URI} !^/podcast [NC]
# Rewrite below works : redirect 80 => https
RewriteRule ^/(.*) https://website.com/$1 [R=301,L]
# For Zope
RewriteRule ^/(.*) http://localhost:9674/++vh++http:%{SERVER_NAME}:80/++/$1 [P,L]
</IfModule>
</VirtualHost>
This is fairly complicated, but the result is that when I type https://website.com/cgi-bin/awstats.pl, I get the equivalent of an Apache2 404 error, but coming from Zope.
How can I get my CGI scripts working again?
This is frustrating after the previous post: I fixed the redirect from https://www.website.com to https://website.com, but now it is the CGI scripts that are no longer accessible.
Before I made the changes for the https://www to https://no-www redirect, the scripts were accessible. I don't understand where this could come from.
Update 1
Apache2 output:
[Sun Mar 01 10:49:33.445944 2020] [ssl:debug] [pid 9866] ssl_engine_kernel.c(383): [client 91.171.129.151:7825] AH02034: Subsequent (No.7) HTTPS request received for child 7 (server website.com:443), referer: https://website.com/style/style2.css
[Sun Mar 01 10:49:33.445986 2020] [authz_core:debug] [pid 9866] mod_authz_core.c(846): [client 91.171.129.151:7825] AH01628: authorization result: granted (no directives), referer: https://website.com/style/style2.css
[Sun Mar 01 10:49:33.446022 2020] [proxy:debug] [pid 9866] mod_proxy.c(1249): [client 91.171.129.151:7825] AH01143: Running scheme https handler (attempt 0), referer: https://website.com/style/style2.css
[Sun Mar 01 10:49:33.446032 2020] [proxy:debug] [pid 9866] proxy_util.c(2316): AH00942: HTTPS: has acquired connection for (*)
[Sun Mar 01 10:49:33.446041 2020] [proxy:debug] [pid 9866] proxy_util.c(2369): [client 91.171.129.151:7825] AH00944: connecting https://localhost:8443/++vh++https:website.com:443/++/images/up-arrow.png to localhost:8443, referer: https://website.com/style/style2.css
[Sun Mar 01 10:49:33.446204 2020] [proxy:debug] [pid 9866] proxy_util.c(2578): [client 91.171.129.151:7825] AH00947: connected /++vh++https:website.com:443/++/images/up-arrow.png to localhost:8443, referer: https://website.com/style/style2.css
[Sun Mar 01 10:49:33.446288 2020] [proxy:debug] [pid 9866] proxy_util.c(3047): AH02824: HTTPS: connection established with 127.0.0.1:8443 (*)
[Sun Mar 01 10:49:33.446307 2020] [proxy:debug] [pid 9866] proxy_util.c(3215): AH00962: HTTPS: connection complete to 127.0.0.1:8443 (localhost)
[Sun Mar 01 10:49:33.446320 2020] [ssl:info] [pid 9866] [remote 127.0.0.1:8443] AH01964: Connection to child 0 established (server website.com:443)
[Sun Mar 01 10:49:33.454637 2020] [proxy:debug] [pid 9865] proxy_util.c(2331): AH00943: *: has released connection for (*)
[Sun Mar 01 10:49:33.454721 2020] [ssl:debug] [pid 9865] ssl_engine_io.c(1106): [remote 127.0.0.1:8443] AH02001: Connection closed to child 0 with standard shutdown (server website.com:443)
[Sun Mar 01 10:49:33.454772 2020] [proxy:debug] [pid 9865] proxy_util.c(3154): [remote 127.0.0.1:8443] AH02642: proxy: connection shutdown
[Sun Mar 01 10:49:33.459030 2020] [proxy:debug] [pid 9851] proxy_util.c(2331): AH00943: *: has released connection for (*)
[Sun Mar 01 10:49:33.459109 2020] [ssl:debug] [pid 9851] ssl_engine_io.c(1106): [remote 127.0.0.1:8443] AH02001: Connection closed to child 0 with standard shutdown (server website.com:443)
[Sun Mar 01 10:49:33.459144 2020] [ssl:debug] [pid 9866] ssl_engine_kernel.c(1740): [remote 127.0.0.1:8443] AH02275: Certificate Verification, depth 0, CRL checking mode: none (0) [subject: CN=website.com / issuer: CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US / serial: 033E19116893A728CDC809BA511D98069F7E / notbefore: Jun 29 23:22:00 2017 GMT / notafter: Sep 27 23:22:00 2017 GMT]
[Sun Mar 01 10:49:33.459161 2020] [proxy:debug] [pid 9851] proxy_util.c(3154): [remote 127.0.0.1:8443] AH02642: proxy: connection shutdown
[Sun Mar 01 10:49:33.459193 2020] [ssl:debug] [pid 9866] ssl_engine_kernel.c(1740): [remote 127.0.0.1:8443] AH02275: Certificate Verification, depth 0, CRL checking mode: none (0) [subject: CN=website.com / issuer: CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US / serial: 033E19116893A728CDC809BA511D98069F7E / notbefore: Jun 29 23:22:00 2017 GMT / notafter: Sep 27 23:22:00 2017 GMT]
[Sun Mar 01 10:49:33.463339 2020] [ssl:debug] [pid 9866] ssl_engine_kernel.c(2235): [remote 127.0.0.1:8443] AH02041: Protocol: TLSv1, Cipher: AES256-SHA (256/256 bits)
[Sun Mar 01 10:49:33.463411 2020] [proxy:debug] [pid 9853] proxy_util.c(2331): AH00943: *: has released connection for (*)
[Sun Mar 01 10:49:33.463486 2020] [ssl:debug] [pid 9853] ssl_engine_io.c(1106): [remote 127.0.0.1:8443] AH02001: Connection closed to child 0 with standard shutdown (server website.com:443)
[Sun Mar 01 10:49:33.463534 2020] [proxy:debug] [pid 9853] proxy_util.c(3154): [remote 127.0.0.1:8443] AH02642: proxy: connection shutdown
[Sun Mar 01 10:49:33.471527 2020] [proxy:debug] [pid 9866] proxy_util.c(2331): AH00943: *: has released connection for (*)
[Sun Mar 01 10:49:33.471590 2020] [ssl:debug] [pid 9866] ssl_engine_io.c(1106): [remote 127.0.0.1:8443] AH02001: Connection closed to child 0 with standard shutdown (server website.com:443)
[Sun Mar 01 10:49:33.471627 2020] [proxy:debug] [pid 9866] proxy_util.c(3154): [remote 127.0.0.1:8443] AH02642: proxy: connection shutdown
[Sun Mar 01 10:49:33.511179 2020] [ssl:debug] [pid 9853] ssl_engine_kernel.c(383): [client 91.171.129.151:7821] AH02034: Subsequent (No.8) HTTPS request received for child 4 (server website.com:443)
[Sun Mar 01 10:49:33.511249 2020] [authz_core:debug] [pid 9853] mod_authz_core.c(846): [client 91.171.129.151:7821] AH01628: authorization result: granted (no directives)
[Sun Mar 01 10:49:33.511303 2020] [proxy:debug] [pid 9853] mod_proxy.c(1249): [client 91.171.129.151:7821] AH01143: Running scheme https handler (attempt 0)
[Sun Mar 01 10:49:33.511332 2020] [proxy:debug] [pid 9853] proxy_util.c(2316): AH00942: HTTPS: has acquired connection for (*)
[Sun Mar 01 10:49:33.511343 2020] [proxy:debug] [pid 9853] proxy_util.c(2369): [client 91.171.129.151:7821] AH00944: connecting https://localhost:8443/++vh++https:website.com:443/++/favicon.ico to localhost:8443
[Sun Mar 01 10:49:33.511551 2020] [proxy:debug] [pid 9853] proxy_util.c(2578): [client 91.171.129.151:7821] AH00947: connected /++vh++https:website.com:443/++/favicon.ico to localhost:8443
[Sun Mar 01 10:49:33.511670 2020] [proxy:debug] [pid 9853] proxy_util.c(3047): AH02824: HTTPS: connection established with 127.0.0.1:8443 (*)
[Sun Mar 01 10:49:33.511696 2020] [proxy:debug] [pid 9853] proxy_util.c(3215): AH00962: HTTPS: connection complete to 127.0.0.1:8443 (localhost)
[Sun Mar 01 10:49:33.511713 2020] [ssl:info] [pid 9853] [remote 127.0.0.1:8443] AH01964: Connection to child 0 established (server website.com:443)
[Sun Mar 01 10:49:33.512494 2020] [ssl:debug] [pid 9853] ssl_engine_kernel.c(1740): [remote 127.0.0.1:8443] AH02275: Certificate Verification, depth 0, CRL checking mode: none (0) [subject: CN=website.com / issuer: CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US / serial: 033E19116893A728CDC809BA511D98069F7E / notbefore: Jun 29 23:22:00 2017 GMT / notafter: Sep 27 23:22:00 2017 GMT]
[Sun Mar 01 10:49:33.512541 2020] [ssl:debug] [pid 9853] ssl_engine_kernel.c(1740): [remote 127.0.0.1:8443] AH02275: Certificate Verification, depth 0, CRL checking mode: none (0) [subject: CN=website.com / issuer: CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US / serial: 033E19116893A728CDC809BA511D98069F7E / notbefore: Jun 29 23:22:00 2017 GMT / notafter: Sep 27 23:22:00 2017 GMT]
[Sun Mar 01 10:49:33.517345 2020] [ssl:debug] [pid 9853] ssl_engine_kernel.c(2235): [remote 127.0.0.1:8443] AH02041: Protocol: TLSv1, Cipher: AES256-SHA (256/256 bits)
[Sun Mar 01 10:49:33.525382 2020] [proxy:debug] [pid 9853] proxy_util.c(2331): AH00943: *: has released connection for (*)
[Sun Mar 01 10:49:33.525443 2020] [ssl:debug] [pid 9853] ssl_engine_io.c(1106): [remote 127.0.0.1:8443] AH02001: Connection closed to child 0 with standard shutdown (server website.com:443)
[Sun Mar 01 10:49:33.525476 2020] [proxy:debug] [pid 9853] proxy_util.c(3154): [remote 127.0.0.1:8443] AH02642: proxy: connection shutdown
[Sun Mar 01 10:49:34.109743 2020] [watchdog:debug] [pid 9869] mod_watchdog.c(567): AH02980: Watchdog: nothing configured?
[Sun Mar 01 10:49:34.109885 2020] [proxy:debug] [pid 9869] proxy_util.c(1924): AH00925: initializing worker proxy:reverse shared
[Sun Mar 01 10:49:34.109901 2020] [proxy:debug] [pid 9869] proxy_util.c(1981): AH00927: initializing worker proxy:reverse local
[Sun Mar 01 10:49:34.109955 2020] [proxy:debug] [pid 9869] proxy_util.c(2032): AH00931: initialized single connection worker in child 9869 for (*)
[Sun Mar 01 10:49:34.110492 2020] [watchdog:debug] [pid 9870] mod_watchdog.c(567): AH02980: Watchdog: nothing configured?
[Sun Mar 01 10:49:34.110610 2020] [proxy:debug] [pid 9870] proxy_util.c(1924): AH00925: initializing worker proxy:reverse shared
[Sun Mar 01 10:49:34.110625 2020] [proxy:debug] [pid 9870] proxy_util.c(1981): AH00927: initializing worker proxy:reverse local
[Sun Mar 01 10:49:34.110674 2020] [proxy:debug] [pid 9870] proxy_util.c(2032): AH00931: initialized single connection worker in child 9870 for (*)
[Sun Mar 01 10:49:48.437276 2020] [ssl:debug] [pid 9864] ssl_engine_io.c(1106): [client 91.171.129.151:7823] AH02001: Connection closed to child 5 with standard shutdown (server website.com:443)
[Sun Mar 01 10:49:48.438985 2020] [ssl:debug] [pid 9849] ssl_engine_io.c(1106): [client 91.171.129.151:7822] AH02001: Connection closed to child 0 with standard shutdown (server website.com:443)
[Sun Mar 01 10:49:48.467248 2020] [ssl:debug] [pid 9865] ssl_engine_io.c(1106): [client 91.171.129.151:7824] AH02001: Connection closed to child 6 with standard shutdown (server website.com:443)
[Sun Mar 01 10:49:48.470814 2020] [ssl:debug] [pid 9851] ssl_engine_io.c(1106): [client 91.171.129.151:7820] AH02001: Connection closed to child 2 with standard shutdown (server website.com:443)
[Sun Mar 01 10:49:48.478015 2020] [ssl:debug] [pid 9866] ssl_engine_io.c(1106): [client 91.171.129.151:7825] AH02001: Connection closed to child 7 with standard shutdown (server website.com:443)
[Sun Mar 01 10:49:48.539212 2020] [ssl:debug] [pid 9853] ssl_engine_io.c(1106): [client 91.171.129.151:7821] AH02001: Connection closed to child 4 with standard shutdown (server website.com:443)
[Sun Mar 01 10:49:56.282123 2020] [ssl:info] [pid 9852] [client 127.0.0.1:49482] AH01964: Connection to child 3 established (server website.com:443)
[Sun Mar 01 10:49:56.282356 2020] [ssl:debug] [pid 9852] ssl_engine_kernel.c(2319): [client 127.0.0.1:49482] AH02043: SSL virtual host for servername website.com found
[Sun Mar 01 10:49:56.282407 2020] [ssl:debug] [pid 9852] ssl_engine_kernel.c(2319): [client 127.0.0.1:49482] AH02043: SSL virtual host for servername website.com found
[Sun Mar 01 10:49:56.282418 2020] [core:debug] [pid 9852] protocol.c(2314): [client 127.0.0.1:49482] AH03155: select protocol from , choices=h2,http/1.1 for server website.com
[Sun Mar 01 10:49:56.296616 2020] [ssl:debug] [pid 9852] ssl_engine_kernel.c(2235): [client 127.0.0.1:49482] AH02041: Protocol: TLSv1.2, Cipher: ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
[Sun Mar 01 10:49:56.296936 2020] [ssl:debug] [pid 9852] ssl_engine_kernel.c(383): [client 127.0.0.1:49482] AH02034: Initial (No.1) HTTPS request received for child 3 (server website.com:443)
[Sun Mar 01 10:49:56.297023 2020] [authz_core:debug] [pid 9852] mod_authz_core.c(846): [client 127.0.0.1:49482] AH01628: authorization result: granted (no directives)
[Sun Mar 01 10:49:56.297087 2020] [proxy:debug] [pid 9852] mod_proxy.c(1249): [client 127.0.0.1:49482] AH01143: Running scheme https handler (attempt 0)
[Sun Mar 01 10:49:56.297101 2020] [proxy:debug] [pid 9852] proxy_util.c(2316): AH00942: HTTPS: has acquired connection for (*)
[Sun Mar 01 10:49:56.297113 2020] [proxy:debug] [pid 9852] proxy_util.c(2369): [client 127.0.0.1:49482] AH00944: connecting https://localhost:8443/++vh++https:website.com:443/++/index.html to localhost:8443
[Sun Mar 01 10:49:56.297467 2020] [proxy:debug] [pid 9852] proxy_util.c(2578): [client 127.0.0.1:49482] AH00947: connected /++vh++https:website.com:443/++/index.html to localhost:8443
[Sun Mar 01 10:49:56.297696 2020] [proxy:debug] [pid 9852] proxy_util.c(3047): AH02824: HTTPS: connection established with 127.0.0.1:8443 (*)
[Sun Mar 01 10:49:56.297722 2020] [proxy:debug] [pid 9852] proxy_util.c(3215): AH00962: HTTPS: connection complete to 127.0.0.1:8443 (localhost)
[Sun Mar 01 10:49:56.297739 2020] [ssl:info] [pid 9852] [remote 127.0.0.1:8443] AH01964: Connection to child 0 established (server website.com:443)
[Sun Mar 01 10:49:56.298590 2020] [ssl:debug] [pid 9852] ssl_engine_kernel.c(1740): [remote 127.0.0.1:8443] AH02275: Certificate Verification, depth 0, CRL checking mode: none (0) [subject: CN=website.com / issuer: CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US / serial: 033E19116893A728CDC809BA511D98069F7E / notbefore: Jun 29 23:22:00 2017 GMT / notafter: Sep 27 23:22:00 2017 GMT]
[Sun Mar 01 10:49:56.298625 2020] [ssl:debug] [pid 9852] ssl_engine_kernel.c(1740): [remote 127.0.0.1:8443] AH02275: Certificate Verification, depth 0, CRL checking mode: none (0) [subject: CN=website.com / issuer: CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US / serial: 033E19116893A728CDC809BA511D98069F7E / notbefore: Jun 29 23:22:00 2017 GMT / notafter: Sep 27 23:22:00 2017 GMT]
[Sun Mar 01 10:49:56.303513 2020] [ssl:debug] [pid 9852] ssl_engine_kernel.c(2235): [remote 127.0.0.1:8443] AH02041: Protocol: TLSv1, Cipher: AES256-SHA (256/256 bits)
[Sun Mar 01 10:49:56.312046 2020] [proxy:debug] [pid 9852] proxy_util.c(2331): AH00943: *: has released connection for (*)
[Sun Mar 01 10:49:56.312139 2020] [ssl:debug] [pid 9852] ssl_engine_io.c(1106): [remote 127.0.0.1:8443] AH02001: Connection closed to child 0 with standard shutdown (server website.com:443)
[Sun Mar 01 10:49:56.312204 2020] [proxy:debug] [pid 9852] proxy_util.c(3154): [remote 127.0.0.1:8443] AH02642: proxy: connection shutdown
[Sun Mar 01 10:49:56.312461 2020] [ssl:debug] [pid 9852] ssl_engine_io.c(1106): [client 127.0.0.1:49482] AH02001: Connection closed to child 3 with standard shutdown (server website.com:443):%s/do
And the Zope output:
127.0.0.1 - - [01/Mar/2020:10:49:01 +0200] "GET /++vh++https:www.website.com:443/++/cgi-bin/awstats.pl HTTP/1.1" 404 102 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:73.0) Gecko/20100101 Firefox/73.0"
Update 2
Some interesting results toward solving my problem:
If I do this: 1)
<VirtualHost *:443>
...
# REWRITE
RewriteEngine On
RewriteCond %{REQUEST_URI} !^/cgi-bin/awstats [NC]
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^/(.*) https://website.com/$1 [R=301,L]
RewriteRule ^/(.*) https://localhost:8443/++vh++https:%{SERVER_NAME}:443/++/$1 [P,L]
...
</VirtualHost>
Then the redirect from https://www to https:// works correctly, but the CGI scripts generate a Zope error.
If I do: 2) (remove the line:
`RewriteRule ^/(.*) https://website.com/$1 [R=301,L]`)
that is:
<VirtualHost *:443>
...
# REWRITE
RewriteEngine On
RewriteCond %{REQUEST_URI} !^/cgi-bin/awstats [NC]
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^/(.*) https://localhost:8443/++vh++https:%{SERVER_NAME}:443/++/$1 [P,L]
...
</VirtualHost>
Then the redirect from https://www to https:// is not performed, but the CGI scripts are accessible when typing https://website.com/cgi-bin/awstats.pl in the browser.
How can I combine these 2 different configurations so that both the redirect and the CGI scripts are available at the same time?
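
Added example, not part of the original post: `RewriteCond` lines apply only to the single `RewriteRule` that follows them, so in configuration 1 the proxy rule to Zope is unconditional, and in configuration 2 both conditions guard the proxy rule instead of a redirect. One way to give each rule its own conditions in the 443 virtual host, assuming the host name, port and paths from the question and assuming the `/awstats*` aliases should also be served by Apache rather than Zope:

```apache
# Added example (not the asker's configuration): rewrite section of the
# <VirtualHost *:443> block. Host name, port and paths are taken from the
# question; keeping the /awstats* aliases local is an assumption.
RewriteEngine On

# Rule 1: canonical-host redirect, for every path.
# The condition guards only the RewriteRule directly below it.
# The target host is written out instead of being built from %1, so the
# Location header never echoes a client-supplied Host value.
RewriteCond %{HTTP_HOST} ^www\. [NC]
RewriteRule ^/(.*) https://website.com/$1 [R=301,L]

# Rule 2: reverse proxy to Zope.
# This rule needs its own conditions; without them every path,
# including /cgi-bin/, is handed to Zope and answered with its 404.
RewriteCond %{REQUEST_URI} !^/cgi-bin/
RewriteCond %{REQUEST_URI} !^/awstats(classes|-icon|css)(/|$)
RewriteRule ^/(.*) https://localhost:8443/++vh++https:%{SERVER_NAME}:443/++/$1 [P,L]

# Requests matched by neither rule fall through to the local mappings.
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
Alias /awstatsclasses "/usr/share/awstats/lib/"
Alias /awstats-icon "/usr/share/awstats/icon/"
Alias /awstatscss "/usr/share/doc/awstats/examples/css"
```

After a reload, `curl -sI https://www.website.com/cgi-bin/awstats.pl` should show a 301 to the bare host, and the same path on https://website.com should be answered by Apache rather than Zope.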