Page MenuHomePhabricator

Redirects to https need to set NE (no escape) in apache
Closed, ResolvedPublic

Description

%7C in my querystrings are turning in to %257C

$ curl -I "http://office.wikimedia.org/w/api.php?format=json&action=query&meta=siteinfo&siprop=namespaces%7Cnamespacealiases%7Cmagicwords%7Cfunctionhooks%7Cextensiontags%7Cgeneral%7Cinterwikimap%7Clanguages%7Cprotocols"
HTTP/1.1 301 Moved Permanently
Server: Apache
X-Powered-By: HHVM/3.3.0-static
Location: https://office.wikimedia.org/w/api.php?format=json&action=query&meta=siteinfo&siprop=namespaces%257Cnamespacealiases%257Cmagicwords%257Cfunctionhooks%257Cextensiontags%257Cgeneral%257Cinterwikimap%257Clanguages%257Cprotocols
Content-Type: text/html; charset=iso-8859-1
[...]

Event Timeline

Arlolra created this task.Feb 2 2015, 11:18 PM
Arlolra raised the priority of this task from to Needs Triage.
Arlolra updated the task description. (Show Details)
Arlolra added a subscriber: Arlolra.
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptFeb 2 2015, 11:18 PM
Catrope triaged this task as Unbreak Now! priority.Feb 2 2015, 11:21 PM
Catrope updated the task description. (Show Details)
Catrope added a project: HTTPS-by-default.
Catrope set Security to None.
Catrope added a project: acl*sre-team.
Catrope added a project: HTTPS.
Catrope added subscribers: fgiunchedi, Unknown Object (User).
Reedy added a subscriber: Reedy.Feb 2 2015, 11:27 PM

I guess this needs doing manually?

https://github.com/wikimedia/operations-puppet/blob/production/modules/mediawiki/files/apache/sites/remnant.conf#L262-L263

RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^/(.*)$ https://office.wikimedia.org/$1 [R=301,L]

to

RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^/(.*)$ https://office.wikimedia.org/$1 [R=301,LN,E]
reedy@ubuntu64-web-esxi:~/git/operations/puppet/modules/mediawiki/files/apache/sites$ grep "\!https" -A 1 *
main.conf:    RewriteCond %{HTTP:X-Forwarded-Proto} !https
main.conf-    RewriteRule (.) https://donate.wikimedia.org%{REQUEST_URI} [R=301]
--
main.conf:    RewriteCond %{HTTP:X-Forwarded-Proto} !https
main.conf-    RewriteRule (.) https://vote.wikimedia.org%{REQUEST_URI} [R=301]
grep: redirects: Is a directory
--
remnant.conf:    RewriteCond %{HTTP:X-Forwarded-Proto} !https
remnant.conf-    RewriteRule ^/(.*)$ https://grants.wikimedia.org/$1 [R=301,L]
--
remnant.conf:    RewriteCond %{HTTP:X-Forwarded-Proto} !https
remnant.conf-    RewriteRule ^/(.*)$ https://fdc.wikimedia.org/$1 [R=301,L]
--
remnant.conf:    RewriteCond %{HTTP:X-Forwarded-Proto} !https
remnant.conf-    RewriteRule ^/(.*)$ https://internal.wikimedia.org/$1 [R=301,L]
--
remnant.conf:    RewriteCond %{HTTP:X-Forwarded-Proto} !https
remnant.conf-    RewriteRule ^/(.*)$ https://board.wikimedia.org/$1 [R=301,L]
--
remnant.conf:    RewriteCond %{HTTP:X-Forwarded-Proto} !https
remnant.conf-    RewriteRule ^/(.*)$ https://boardgovcom.wikimedia.org/$1 [R=301,L]
--
remnant.conf:    RewriteCond %{HTTP:X-Forwarded-Proto} !https
remnant.conf-    RewriteRule ^/(.*)$ https://spcom.wikimedia.org/$1 [R=301,L]
--
remnant.conf:    RewriteCond %{HTTP:X-Forwarded-Proto} !https
remnant.conf-    RewriteRule ^/(.*)$ https://chapcom.wikimedia.org/$1 [R=301,L]
--
remnant.conf:    RewriteCond %{HTTP:X-Forwarded-Proto} !https
remnant.conf-    RewriteRule ^/(.*)$ https://searchcom.wikimedia.org/$1 [R=301,L]
--
remnant.conf:    RewriteCond %{HTTP:X-Forwarded-Proto} !https
remnant.conf-    RewriteRule ^/(.*)$ https://office.wikimedia.org/$1 [R=301,L]
--
remnant.conf:    RewriteCond %{HTTP:X-Forwarded-Proto} !https
remnant.conf-    RewriteRule ^/(.*)$ https://chair.wikimedia.org/$1 [R=301,L]
--
remnant.conf:    RewriteCond %{HTTP:X-Forwarded-Proto} !https
remnant.conf-    RewriteRule ^/(.*)$ https://auditcom.wikimedia.org/$1 [R=301,L]
--
remnant.conf:    RewriteCond %{HTTP:X-Forwarded-Proto} !https
remnant.conf-    RewriteRule ^/(.*)$ https://quality.wikimedia.org/$1 [R=301,L]
--
remnant.conf:    RewriteCond %{HTTP:X-Forwarded-Proto} !https
remnant.conf-    RewriteRule ^/(.*)$ https://otrs-wiki.wikimedia.org/$1 [R=301,L]
--
remnant.conf:    RewriteCond %{HTTP:X-Forwarded-Proto} !https
remnant.conf-    RewriteRule ^/(.*)$ https://exec.wikimedia.org/$1 [R=301,L]
--
remnant.conf:    RewriteCond %{HTTP:X-Forwarded-Proto} !https
remnant.conf-    RewriteRule ^/(.*)$ https://collab.wikimedia.org/$1 [R=301,L]
--
remnant.conf:    RewriteCond %{HTTP:X-Forwarded-Proto} !https
remnant.conf-    RewriteRule ^/(.*)$ https://movementroles.wikimedia.org/$1 [R=301,L]
--
remnant.conf:    RewriteCond %{HTTP:X-Forwarded-Proto} !https
remnant.conf-    RewriteRule ^/(.*)$ https://checkuser.wikimedia.org/$1 [R=301,L]
--
remnant.conf:    RewriteCond %{HTTP:X-Forwarded-Proto} !https
remnant.conf-    RewriteRule ^/(.*)$ https://steward.wikimedia.org/$1 [R=301,L]
--
remnant.conf:    RewriteCond %{HTTP:X-Forwarded-Proto} !https
remnant.conf-    RewriteRule ^/(.*)$ https://ombudsmen.wikimedia.org/$1 [R=301,L]
--
wikimania.conf:    RewriteCond %{HTTP:X-Forwarded-Proto} !https
wikimania.conf-    RewriteRule ^/(.*)$ https://wikimaniateam.wikimedia.org/$1 [R=301,L]
--
wikimedia.conf:    RewriteCond %{HTTP:X-Forwarded-Proto} !https
wikimedia.conf-    RewriteRule ^/(.*)$ https://transitionteam.wikimedia.org/$1 [R=301,L]
--
wikimedia.conf:    RewriteCond %{HTTP:X-Forwarded-Proto} !https
wikimedia.conf-    RewriteRule ^/(.*)$ https://iegcom.wikimedia.org/$1 [R=301,L]
--
wikimedia.conf:    RewriteCond %{HTTP:X-Forwarded-Proto} !https
wikimedia.conf-    RewriteRule ^/(.*)$ https://legalteam.wikimedia.org/$1 [R=301,L]
--
wikimedia.conf:    RewriteCond %{HTTP:X-Forwarded-Proto} !https
wikimedia.conf-    RewriteRule ^/(.*)$ https://zero.wikimedia.org/$1 [R=301,L]
reedy@ubuntu64-web-esxi:~/git/operations/puppet/modules/mediawiki/files/apache/sites$
BBlack added a subscriber: BBlack.Feb 3 2015, 12:26 AM

I think you mean:

RewriteRule ^/(.*)$ https://office.wikimedia.org/$1 [R=301,L,NE]

Can someone test this somewhere and get back?

Joe claimed this task.Feb 3 2015, 5:55 AM
Joe edited subscribers, added: Joe; removed: Unknown Object (User).
Joe added a comment.Feb 3 2015, 9:40 AM

The line in @BBlack comment should work; I am still thinking of possible security implications of using NE in these rewrites, but there shouldn't be any

Joe lowered the priority of this task from Unbreak Now! to High.Feb 9 2015, 8:49 AM

Lowered priority since it seems no one is in a hurry to review this :)

Joe closed this task as Resolved.Feb 10 2015, 11:01 AM