b***@apache.org
2018-08-24 19:32:34 UTC
https://bz.apache.org/bugzilla/show_bug.cgi?id=62654
Bug ID: 62654
Summary: require ssl does not work for h2 protocol
Product: Apache httpd-2
Version: 2.4.34
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: mod_http2
Assignee: ***@httpd.apache.org
Reporter: ***@pessoft.com
Target Milestone: ---
Hi,
When "Require ssl" directive is used on a resource and resource is accessed
using HTTP/2 protocol over SSL channel, the client is denied the access. When
"SSLRequireSSL" directive is used in such configuration instead "Require ssl",
the client can access the resource. "Require ssl" should not restrict the
access to the resource when HTTP/2 over SSL is used.
For example configuration with mod_ssl and mod_http2:
Protocols h2
<Directory /var/www/html/require>
require ssl
</Directory>
<Directory /var/www/html/sslrequire>
sslrequiressl
</Directory>
When client opens https://server.example.org/require/index.html
==> /var/log/httpd/ssl_error_log <==
[Fri Aug 24 19:25:22.500207 2018] [authz_core:error] [pid 632:tid
139848444245760] [client 127.0.0.1:42042] AH01630: client denied by server
configuration: /var/www/html/require/index.html
==> /var/log/httpd/ssl_access_log <==
127.0.0.1 - - [24/Aug/2018:19:25:22 +0000] "GET /require/index.html HTTP/2.0"
403 227
==> /var/log/httpd/ssl_request_log <==
[24/Aug/2018:19:25:22 +0000] 127.0.0.1 TLSv1.3 TLS_AES_256_GCM_SHA384 "GET
/require/index.html HTTP/2.0" 227
When client opens https://server.example.org/require/index.html
==> /var/log/httpd/ssl_access_log <==
127.0.0.1 - - [24/Aug/2018:19:26:53 +0000] "GET /sslrequire/index.html
HTTP/2.0" 200 7
==> /var/log/httpd/ssl_request_log <==
[24/Aug/2018:19:26:53 +0000] 127.0.0.1 TLSv1.3 TLS_AES_256_GCM_SHA384 "GET
/sslrequire/index.html HTTP/2.0" 7
Bug ID: 62654
Summary: require ssl does not work for h2 protocol
Product: Apache httpd-2
Version: 2.4.34
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: mod_http2
Assignee: ***@httpd.apache.org
Reporter: ***@pessoft.com
Target Milestone: ---
Hi,
When "Require ssl" directive is used on a resource and resource is accessed
using HTTP/2 protocol over SSL channel, the client is denied the access. When
"SSLRequireSSL" directive is used in such configuration instead "Require ssl",
the client can access the resource. "Require ssl" should not restrict the
access to the resource when HTTP/2 over SSL is used.
For example configuration with mod_ssl and mod_http2:
Protocols h2
<Directory /var/www/html/require>
require ssl
</Directory>
<Directory /var/www/html/sslrequire>
sslrequiressl
</Directory>
When client opens https://server.example.org/require/index.html
==> /var/log/httpd/ssl_error_log <==
[Fri Aug 24 19:25:22.500207 2018] [authz_core:error] [pid 632:tid
139848444245760] [client 127.0.0.1:42042] AH01630: client denied by server
configuration: /var/www/html/require/index.html
==> /var/log/httpd/ssl_access_log <==
127.0.0.1 - - [24/Aug/2018:19:25:22 +0000] "GET /require/index.html HTTP/2.0"
403 227
==> /var/log/httpd/ssl_request_log <==
[24/Aug/2018:19:25:22 +0000] 127.0.0.1 TLSv1.3 TLS_AES_256_GCM_SHA384 "GET
/require/index.html HTTP/2.0" 227
When client opens https://server.example.org/require/index.html
==> /var/log/httpd/ssl_access_log <==
127.0.0.1 - - [24/Aug/2018:19:26:53 +0000] "GET /sslrequire/index.html
HTTP/2.0" 200 7
==> /var/log/httpd/ssl_request_log <==
[24/Aug/2018:19:26:53 +0000] 127.0.0.1 TLSv1.3 TLS_AES_256_GCM_SHA384 "GET
/sslrequire/index.html HTTP/2.0" 7
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-***@httpd.apache.org
For additional commands, e-mail: bugs-***@httpd.apache.org
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-***@httpd.apache.org
For additional commands, e-mail: bugs-***@httpd.apache.org