Page MenuHomePhabricator

Rewrite -> in less than 3 redirects
Open, LowestPublic


If you download a tarball from the current urls in the release announcements, you end up with

I know there's different layers to this, but, this shouldn't need 3 redirects, 1 should suffice in the best case, 2 at worst.

And shouldn't the last one be 301 Moved Permanently too?

$ wget

--2015-11-25 23:27:22--
Resolving ( 2620:0:862:ed1a::1,
Connecting to (|2620:0:862:ed1a::1|:80... connected.
HTTP request sent, awaiting response... 301 TLS Redirect
Location: [following]

--2015-11-25 23:27:22--
Connecting to (|2620:0:862:ed1a::1|:443... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: [following]

--2015-11-25 23:27:22--
Resolving ( 2620:0:861:1:208:80:154:11,
Connecting to (|2620:0:861:1:208:80:154:11|:443... connected.
HTTP request sent, awaiting response... 302 Moved Temporarily
Location: [following]

--2015-11-25 23:27:23--
Resolving ( 2620:0:862:ed1a::3:d,
Connecting to (|2620:0:862:ed1a::3:d|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 25174530 (24M) [application/x-gzip]

Event Timeline

Reedy created this task.Nov 25 2015, 11:47 PM
Reedy raised the priority of this task from to Lowest.
Reedy updated the task description. (Show Details)
Reedy added a subscriber: Reedy.
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptNov 25 2015, 11:47 PM

I should note that I've fixed the script that makes some of the release announcement emails to use the resultant url in so future release will use the newer url.

Doesn't fix it for old announcement urls of course.

I'll endeavour to go through and fix up on to reduce some of the incoming traffic too

I guess this related to the trailing slash redirect being handled by Apache, which responses to the request from Varnish which is over HTTP. It's not aware of itself being exposed as HTTPS to the outside. It will go to HTTP, even if the incoming request was over HTTPS.

The same applies to most other directory slash handling on various misc services.

Though in modern browsers this is skipped as it will prevent the HTTP request and use HTTPS before touching the network thanks to HSTS.

  1. 301 Permanent Redirect to (downloads -> dumps)
  2. 302 Temporarily Redirect to (dumps -> releases)
  3. 301 Permanent Redirect to (Apache adds slash, downgrade to HTTP)
  4. (307 Internal Redirect) to (Non-Authoritative-Reason:HSTS)
  • 200 OK
hashar updated the task description. (Show Details)Nov 26 2015, 9:18 AM
hashar set Security to None.
hashar added a subscriber: hashar.Nov 26 2015, 9:27 AM

Seems the wiki got updated as points to

Possibly we could short circuit trailing slash redirect and wildcard redirect straight to$1

I am not sure it is worth the time to fix them up though.

The related configuration seems to be Nginx [[ | modules/dumps/templates/nginx.dumps.conf.erb ]] which has:

rewrite ^/(other/)?mediawiki(|/.*)$                $scheme://$2 break;
greg moved this task from Backlog to INBOX on the Release-Engineering-Team board.Oct 17 2019, 5:24 PM