修复 https://www 重定向后 CGI 脚本不再可用
CGI scripts no more available after fixing a https://www redirection
我按照 post .
我终于成功生成了通配符证书 *.website.com,它允许我使用重写规则重定向到 https://website.com from initially https://www.website.com。
现在,我面临另一个问题:我在 cgi-bin 目录中的 CGI 脚本不再工作,例如:https://website.com/cgi-bin/awstats.pl
我正在使用以下重写规则将 https://www.website.com 变为 https://webiste.com(使用 apache 后面的 zope 框架):
<VirtualHost *:443>
# Name
ServerAdmin admin@website.com
ServerName website.com
ServerAlias www.website.com
# LOG
CustomLog /var/log/apache2/access.log combined
# ACTIVATE SSL
SSLEngine On
SSLCertificateFile /etc/letsencrypt/live/website.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/website.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/website.com/chain.pem
# REWRITE
RewriteEngine On
RewriteCond %{REQUEST_URI} !^/cgi-bin/awstats [NC]
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ https://%1/ [R=301,L]
RewriteRule ^/(.*) https://localhost:8443/++vh++https:%{SERVER_NAME}:443/++/ [P,L]
SSLProxyEngine On
RequestHeader set Front-End-Https "On"
#CacheDisable *
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
Alias /awstatsclasses "/usr/share/awstats/lib/"
Alias /awstats-icon "/usr/share/awstats/icon/"
Alias /awstatscss "/usr/share/doc/awstats/examples/css"
<Directory "/usr/lib/cgi-bin/">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
SSLRequireSSL
</Directory>
</VirtualHost>
<VirtualHost *:80>
ServerAdmin admin@website.com
ServerName website.com
ServerAlias www.website.com
RewriteCond %{REQUEST_URI} ^/www\. [NC,OR]
RewriteCond %{REQUEST_URI} !^/podcast [NC]
# Rewrite below works : redirect 80 => https
RewriteRule ^/(.*) https://website.com/ [R=301,L]
# For Zope
RewriteRule ^/(.*) http://localhost:9674/++vh++http:%{SERVER_NAME}:80/++/ [P,L]
</IfModule>
</VirtualHost>
这很棘手,但结果是,如果我键入:https://website.com/cgi-bin/awstats.pl,我得到相当于 Apache2 的 404 错误,但来自 Zope。
如何使我的 CGI 脚本再次工作?
与之前的 post 相比令人沮丧:我已经修复了重定向 https://www.website.com to https://website.com 但是现在,这些 CGI 脚本无法再访问。
重定向修改前https://www to https://no-www,脚本可用。我不明白它可能来自哪里。
更新 1
Apache2 的输出:
[Sun Mar 01 10:49:33.445944 2020] [ssl:debug] [pid 9866] ssl_engine_kernel.c(383): [client 91.171.129.151:7825] AH02034: Subsequent (No.7) HTTPS request received for child 7 (server website.com:443), referer: https://website.com/style/style2.css
[Sun Mar 01 10:49:33.445986 2020] [authz_core:debug] [pid 9866] mod_authz_core.c(846): [client 91.171.129.151:7825] AH01628: authorization result: granted (no directives), referer: https://website.com/style/style2.css
[Sun Mar 01 10:49:33.446022 2020] [proxy:debug] [pid 9866] mod_proxy.c(1249): [client 91.171.129.151:7825] AH01143: Running scheme https handler (attempt 0), referer: https://website.com/style/style2.css
[Sun Mar 01 10:49:33.446032 2020] [proxy:debug] [pid 9866] proxy_util.c(2316): AH00942: HTTPS: has acquired connection for (*)
[Sun Mar 01 10:49:33.446041 2020] [proxy:debug] [pid 9866] proxy_util.c(2369): [client 91.171.129.151:7825] AH00944: connecting https://localhost:8443/++vh++https:website.com:443/++/images/up-arrow.png to localhost:8443, referer: https://website.com/style/style2.css
[Sun Mar 01 10:49:33.446204 2020] [proxy:debug] [pid 9866] proxy_util.c(2578): [client 91.171.129.151:7825] AH00947: connected /++vh++https:website.com:443/++/images/up-arrow.png to localhost:8443, referer: https://website.com/style/style2.css
[Sun Mar 01 10:49:33.446288 2020] [proxy:debug] [pid 9866] proxy_util.c(3047): AH02824: HTTPS: connection established with 127.0.0.1:8443 (*)
[Sun Mar 01 10:49:33.446307 2020] [proxy:debug] [pid 9866] proxy_util.c(3215): AH00962: HTTPS: connection complete to 127.0.0.1:8443 (localhost)
[Sun Mar 01 10:49:33.446320 2020] [ssl:info] [pid 9866] [remote 127.0.0.1:8443] AH01964: Connection to child 0 established (server website.com:443)
[Sun Mar 01 10:49:33.454637 2020] [proxy:debug] [pid 9865] proxy_util.c(2331): AH00943: *: has released connection for (*)
[Sun Mar 01 10:49:33.454721 2020] [ssl:debug] [pid 9865] ssl_engine_io.c(1106): [remote 127.0.0.1:8443] AH02001: Connection closed to child 0 with standard shutdown (server website.com:443)
[Sun Mar 01 10:49:33.454772 2020] [proxy:debug] [pid 9865] proxy_util.c(3154): [remote 127.0.0.1:8443] AH02642: proxy: connection shutdown
[Sun Mar 01 10:49:33.459030 2020] [proxy:debug] [pid 9851] proxy_util.c(2331): AH00943: *: has released connection for (*)
[Sun Mar 01 10:49:33.459109 2020] [ssl:debug] [pid 9851] ssl_engine_io.c(1106): [remote 127.0.0.1:8443] AH02001: Connection closed to child 0 with standard shutdown (server website.com:443)
[Sun Mar 01 10:49:33.459144 2020] [ssl:debug] [pid 9866] ssl_engine_kernel.c(1740): [remote 127.0.0.1:8443] AH02275: Certificate Verification, depth 0, CRL checking mode: none (0) [subject: CN=website.com / issuer: CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US / serial: 033E19116893A728CDC809BA511D98069F7E / notbefore: Jun 29 23:22:00 2017 GMT / notafter: Sep 27 23:22:00 2017 GMT]
[Sun Mar 01 10:49:33.459161 2020] [proxy:debug] [pid 9851] proxy_util.c(3154): [remote 127.0.0.1:8443] AH02642: proxy: connection shutdown
[Sun Mar 01 10:49:33.459193 2020] [ssl:debug] [pid 9866] ssl_engine_kernel.c(1740): [remote 127.0.0.1:8443] AH02275: Certificate Verification, depth 0, CRL checking mode: none (0) [subject: CN=website.com / issuer: CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US / serial: 033E19116893A728CDC809BA511D98069F7E / notbefore: Jun 29 23:22:00 2017 GMT / notafter: Sep 27 23:22:00 2017 GMT]
[Sun Mar 01 10:49:33.463339 2020] [ssl:debug] [pid 9866] ssl_engine_kernel.c(2235): [remote 127.0.0.1:8443] AH02041: Protocol: TLSv1, Cipher: AES256-SHA (256/256 bits)
[Sun Mar 01 10:49:33.463411 2020] [proxy:debug] [pid 9853] proxy_util.c(2331): AH00943: *: has released connection for (*)
[Sun Mar 01 10:49:33.463486 2020] [ssl:debug] [pid 9853] ssl_engine_io.c(1106): [remote 127.0.0.1:8443] AH02001: Connection closed to child 0 with standard shutdown (server website.com:443)
[Sun Mar 01 10:49:33.463534 2020] [proxy:debug] [pid 9853] proxy_util.c(3154): [remote 127.0.0.1:8443] AH02642: proxy: connection shutdown
[Sun Mar 01 10:49:33.471527 2020] [proxy:debug] [pid 9866] proxy_util.c(2331): AH00943: *: has released connection for (*)
[Sun Mar 01 10:49:33.471590 2020] [ssl:debug] [pid 9866] ssl_engine_io.c(1106): [remote 127.0.0.1:8443] AH02001: Connection closed to child 0 with standard shutdown (server website.com:443)
[Sun Mar 01 10:49:33.471627 2020] [proxy:debug] [pid 9866] proxy_util.c(3154): [remote 127.0.0.1:8443] AH02642: proxy: connection shutdown
[Sun Mar 01 10:49:33.511179 2020] [ssl:debug] [pid 9853] ssl_engine_kernel.c(383): [client 91.171.129.151:7821] AH02034: Subsequent (No.8) HTTPS request received for child 4 (server website.com:443)
[Sun Mar 01 10:49:33.511249 2020] [authz_core:debug] [pid 9853] mod_authz_core.c(846): [client 91.171.129.151:7821] AH01628: authorization result: granted (no directives)
[Sun Mar 01 10:49:33.511303 2020] [proxy:debug] [pid 9853] mod_proxy.c(1249): [client 91.171.129.151:7821] AH01143: Running scheme https handler (attempt 0)
[Sun Mar 01 10:49:33.511332 2020] [proxy:debug] [pid 9853] proxy_util.c(2316): AH00942: HTTPS: has acquired connection for (*)
[Sun Mar 01 10:49:33.511343 2020] [proxy:debug] [pid 9853] proxy_util.c(2369): [client 91.171.129.151:7821] AH00944: connecting https://localhost:8443/++vh++https:website.com:443/++/favicon.ico to localhost:8443
[Sun Mar 01 10:49:33.511551 2020] [proxy:debug] [pid 9853] proxy_util.c(2578): [client 91.171.129.151:7821] AH00947: connected /++vh++https:website.com:443/++/favicon.ico to localhost:8443
[Sun Mar 01 10:49:33.511670 2020] [proxy:debug] [pid 9853] proxy_util.c(3047): AH02824: HTTPS: connection established with 127.0.0.1:8443 (*)
[Sun Mar 01 10:49:33.511696 2020] [proxy:debug] [pid 9853] proxy_util.c(3215): AH00962: HTTPS: connection complete to 127.0.0.1:8443 (localhost)
[Sun Mar 01 10:49:33.511713 2020] [ssl:info] [pid 9853] [remote 127.0.0.1:8443] AH01964: Connection to child 0 established (server website.com:443)
[Sun Mar 01 10:49:33.512494 2020] [ssl:debug] [pid 9853] ssl_engine_kernel.c(1740): [remote 127.0.0.1:8443] AH02275: Certificate Verification, depth 0, CRL checking mode: none (0) [subject: CN=website.com / issuer: CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US / serial: 033E19116893A728CDC809BA511D98069F7E / notbefore: Jun 29 23:22:00 2017 GMT / notafter: Sep 27 23:22:00 2017 GMT]
[Sun Mar 01 10:49:33.512541 2020] [ssl:debug] [pid 9853] ssl_engine_kernel.c(1740): [remote 127.0.0.1:8443] AH02275: Certificate Verification, depth 0, CRL checking mode: none (0) [subject: CN=website.com / issuer: CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US / serial: 033E19116893A728CDC809BA511D98069F7E / notbefore: Jun 29 23:22:00 2017 GMT / notafter: Sep 27 23:22:00 2017 GMT]
[Sun Mar 01 10:49:33.517345 2020] [ssl:debug] [pid 9853] ssl_engine_kernel.c(2235): [remote 127.0.0.1:8443] AH02041: Protocol: TLSv1, Cipher: AES256-SHA (256/256 bits)
[Sun Mar 01 10:49:33.525382 2020] [proxy:debug] [pid 9853] proxy_util.c(2331): AH00943: *: has released connection for (*)
[Sun Mar 01 10:49:33.525443 2020] [ssl:debug] [pid 9853] ssl_engine_io.c(1106): [remote 127.0.0.1:8443] AH02001: Connection closed to child 0 with standard shutdown (server website.com:443)
[Sun Mar 01 10:49:33.525476 2020] [proxy:debug] [pid 9853] proxy_util.c(3154): [remote 127.0.0.1:8443] AH02642: proxy: connection shutdown
[Sun Mar 01 10:49:34.109743 2020] [watchdog:debug] [pid 9869] mod_watchdog.c(567): AH02980: Watchdog: nothing configured?
[Sun Mar 01 10:49:34.109885 2020] [proxy:debug] [pid 9869] proxy_util.c(1924): AH00925: initializing worker proxy:reverse shared
[Sun Mar 01 10:49:34.109901 2020] [proxy:debug] [pid 9869] proxy_util.c(1981): AH00927: initializing worker proxy:reverse local
[Sun Mar 01 10:49:34.109955 2020] [proxy:debug] [pid 9869] proxy_util.c(2032): AH00931: initialized single connection worker in child 9869 for (*)
[Sun Mar 01 10:49:34.110492 2020] [watchdog:debug] [pid 9870] mod_watchdog.c(567): AH02980: Watchdog: nothing configured?
[Sun Mar 01 10:49:34.110610 2020] [proxy:debug] [pid 9870] proxy_util.c(1924): AH00925: initializing worker proxy:reverse shared
[Sun Mar 01 10:49:34.110625 2020] [proxy:debug] [pid 9870] proxy_util.c(1981): AH00927: initializing worker proxy:reverse local
[Sun Mar 01 10:49:34.110674 2020] [proxy:debug] [pid 9870] proxy_util.c(2032): AH00931: initialized single connection worker in child 9870 for (*)
[Sun Mar 01 10:49:48.437276 2020] [ssl:debug] [pid 9864] ssl_engine_io.c(1106): [client 91.171.129.151:7823] AH02001: Connection closed to child 5 with standard shutdown (server website.com:443)
[Sun Mar 01 10:49:48.438985 2020] [ssl:debug] [pid 9849] ssl_engine_io.c(1106): [client 91.171.129.151:7822] AH02001: Connection closed to child 0 with standard shutdown (server website.com:443)
[Sun Mar 01 10:49:48.467248 2020] [ssl:debug] [pid 9865] ssl_engine_io.c(1106): [client 91.171.129.151:7824] AH02001: Connection closed to child 6 with standard shutdown (server website.com:443)
[Sun Mar 01 10:49:48.470814 2020] [ssl:debug] [pid 9851] ssl_engine_io.c(1106): [client 91.171.129.151:7820] AH02001: Connection closed to child 2 with standard shutdown (server website.com:443)
[Sun Mar 01 10:49:48.478015 2020] [ssl:debug] [pid 9866] ssl_engine_io.c(1106): [client 91.171.129.151:7825] AH02001: Connection closed to child 7 with standard shutdown (server website.com:443)
[Sun Mar 01 10:49:48.539212 2020] [ssl:debug] [pid 9853] ssl_engine_io.c(1106): [client 91.171.129.151:7821] AH02001: Connection closed to child 4 with standard shutdown (server website.com:443)
[Sun Mar 01 10:49:56.282123 2020] [ssl:info] [pid 9852] [client 127.0.0.1:49482] AH01964: Connection to child 3 established (server website.com:443)
[Sun Mar 01 10:49:56.282356 2020] [ssl:debug] [pid 9852] ssl_engine_kernel.c(2319): [client 127.0.0.1:49482] AH02043: SSL virtual host for servername website.com found
[Sun Mar 01 10:49:56.282407 2020] [ssl:debug] [pid 9852] ssl_engine_kernel.c(2319): [client 127.0.0.1:49482] AH02043: SSL virtual host for servername website.com found
[Sun Mar 01 10:49:56.282418 2020] [core:debug] [pid 9852] protocol.c(2314): [client 127.0.0.1:49482] AH03155: select protocol from , choices=h2,http/1.1 for server website.com
[Sun Mar 01 10:49:56.296616 2020] [ssl:debug] [pid 9852] ssl_engine_kernel.c(2235): [client 127.0.0.1:49482] AH02041: Protocol: TLSv1.2, Cipher: ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
[Sun Mar 01 10:49:56.296936 2020] [ssl:debug] [pid 9852] ssl_engine_kernel.c(383): [client 127.0.0.1:49482] AH02034: Initial (No.1) HTTPS request received for child 3 (server website.com:443)
[Sun Mar 01 10:49:56.297023 2020] [authz_core:debug] [pid 9852] mod_authz_core.c(846): [client 127.0.0.1:49482] AH01628: authorization result: granted (no directives)
[Sun Mar 01 10:49:56.297087 2020] [proxy:debug] [pid 9852] mod_proxy.c(1249): [client 127.0.0.1:49482] AH01143: Running scheme https handler (attempt 0)
[Sun Mar 01 10:49:56.297101 2020] [proxy:debug] [pid 9852] proxy_util.c(2316): AH00942: HTTPS: has acquired connection for (*)
[Sun Mar 01 10:49:56.297113 2020] [proxy:debug] [pid 9852] proxy_util.c(2369): [client 127.0.0.1:49482] AH00944: connecting https://localhost:8443/++vh++https:website.com:443/++/index.html to localhost:8443
[Sun Mar 01 10:49:56.297467 2020] [proxy:debug] [pid 9852] proxy_util.c(2578): [client 127.0.0.1:49482] AH00947: connected /++vh++https:website.com:443/++/index.html to localhost:8443
[Sun Mar 01 10:49:56.297696 2020] [proxy:debug] [pid 9852] proxy_util.c(3047): AH02824: HTTPS: connection established with 127.0.0.1:8443 (*)
[Sun Mar 01 10:49:56.297722 2020] [proxy:debug] [pid 9852] proxy_util.c(3215): AH00962: HTTPS: connection complete to 127.0.0.1:8443 (localhost)
[Sun Mar 01 10:49:56.297739 2020] [ssl:info] [pid 9852] [remote 127.0.0.1:8443] AH01964: Connection to child 0 established (server website.com:443)
[Sun Mar 01 10:49:56.298590 2020] [ssl:debug] [pid 9852] ssl_engine_kernel.c(1740): [remote 127.0.0.1:8443] AH02275: Certificate Verification, depth 0, CRL checking mode: none (0) [subject: CN=website.com / issuer: CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US / serial: 033E19116893A728CDC809BA511D98069F7E / notbefore: Jun 29 23:22:00 2017 GMT / notafter: Sep 27 23:22:00 2017 GMT]
[Sun Mar 01 10:49:56.298625 2020] [ssl:debug] [pid 9852] ssl_engine_kernel.c(1740): [remote 127.0.0.1:8443] AH02275: Certificate Verification, depth 0, CRL checking mode: none (0) [subject: CN=website.com / issuer: CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US / serial: 033E19116893A728CDC809BA511D98069F7E / notbefore: Jun 29 23:22:00 2017 GMT / notafter: Sep 27 23:22:00 2017 GMT]
[Sun Mar 01 10:49:56.303513 2020] [ssl:debug] [pid 9852] ssl_engine_kernel.c(2235): [remote 127.0.0.1:8443] AH02041: Protocol: TLSv1, Cipher: AES256-SHA (256/256 bits)
[Sun Mar 01 10:49:56.312046 2020] [proxy:debug] [pid 9852] proxy_util.c(2331): AH00943: *: has released connection for (*)
[Sun Mar 01 10:49:56.312139 2020] [ssl:debug] [pid 9852] ssl_engine_io.c(1106): [remote 127.0.0.1:8443] AH02001: Connection closed to child 0 with standard shutdown (server website.com:443)
[Sun Mar 01 10:49:56.312204 2020] [proxy:debug] [pid 9852] proxy_util.c(3154): [remote 127.0.0.1:8443] AH02642: proxy: connection shutdown
[Sun Mar 01 10:49:56.312461 2020] [ssl:debug] [pid 9852] ssl_engine_io.c(1106): [client 127.0.0.1:49482] AH02001: Connection closed to child 3 with standard shutdown (server website.com:443):%s/do
Zope 的输出:
127.0.0.1 - - [01/Mar/2020:10:49:01 +0200] "GET /++vh++https:www.website.com:443/++/cgi-bin/awstats.pl HTTP/1.1" 404 102 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:73.0) Gecko/20100101 Firefox/73.0"
更新 2
解决我的问题的一些有趣的结果:
如果我这样做:1)
<VirtualHost *:443>
...
# REWRITE
RewriteEngine On
RewriteCond %{REQUEST_URI} !^/cgi-bin/awstats [NC]
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^/(.*) https://website.com/ [R=301,L]
RewriteRule ^/(.*) https://localhost:8443/++vh++https:%{SERVER_NAME}:443/++/ [P,L]
...
</VirtualHost>
然后,从 https://www 到 https:// 的重定向很好地实现了,但是 CGI 脚本生成了一个 Zope 错误。
如果我这样做:2) 删除行:
`RewriteRule ^/(.*) https://website.com/ [R=301,L]` )
即:
<VirtualHost *:443>
...
# REWRITE
RewriteEngine On
RewriteCond %{REQUEST_URI} !^/cgi-bin/awstats [NC]
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^/(.*) https://localhost:8443/++vh++https:%{SERVER_NAME}:443/++/ [P,L]
...
</VirtualHost>
然后从 https://www 到 https:// 的重定向没有实现,但是 CGI 脚本可以通过在浏览器中输入 https://website.com/cgi-bin/awstats.pl.
我如何结合这两种不同的配置,以便同时进行重定向和 CGI 脚本可用?
您在解决方法中遗漏的是 RewriteCond 仅与紧随其后的单个 RewriteRule 相关联。
如果您想在请求 CGI 时跳过重定向到 zope,请通过在其前面加上条件来排除特定的 RewriteRule:
RewriteCond %{REQUEST_URI} !^/cgi-bin/awstats
# existing rule from Question
RewriteRule ^/(.*) https://localhost:8443/++vh++https:%{SERVER_NAME}:443/++/ [P,L]
我按照 post
我终于成功生成了通配符证书 *.website.com,它允许我使用重写规则重定向到 https://website.com from initially https://www.website.com。
现在,我面临另一个问题:我在 cgi-bin 目录中的 CGI 脚本不再工作,例如:https://website.com/cgi-bin/awstats.pl
我正在使用以下重写规则将 https://www.website.com 变为 https://webiste.com(使用 apache 后面的 zope 框架):
<VirtualHost *:443>
# Name
ServerAdmin admin@website.com
ServerName website.com
ServerAlias www.website.com
# LOG
CustomLog /var/log/apache2/access.log combined
# ACTIVATE SSL
SSLEngine On
SSLCertificateFile /etc/letsencrypt/live/website.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/website.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/website.com/chain.pem
# REWRITE
RewriteEngine On
RewriteCond %{REQUEST_URI} !^/cgi-bin/awstats [NC]
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ https://%1/ [R=301,L]
RewriteRule ^/(.*) https://localhost:8443/++vh++https:%{SERVER_NAME}:443/++/ [P,L]
SSLProxyEngine On
RequestHeader set Front-End-Https "On"
#CacheDisable *
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
Alias /awstatsclasses "/usr/share/awstats/lib/"
Alias /awstats-icon "/usr/share/awstats/icon/"
Alias /awstatscss "/usr/share/doc/awstats/examples/css"
<Directory "/usr/lib/cgi-bin/">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
SSLRequireSSL
</Directory>
</VirtualHost>
<VirtualHost *:80>
ServerAdmin admin@website.com
ServerName website.com
ServerAlias www.website.com
RewriteCond %{REQUEST_URI} ^/www\. [NC,OR]
RewriteCond %{REQUEST_URI} !^/podcast [NC]
# Rewrite below works : redirect 80 => https
RewriteRule ^/(.*) https://website.com/ [R=301,L]
# For Zope
RewriteRule ^/(.*) http://localhost:9674/++vh++http:%{SERVER_NAME}:80/++/ [P,L]
</IfModule>
</VirtualHost>
这很棘手,但结果是,如果我键入:https://website.com/cgi-bin/awstats.pl,我得到相当于 Apache2 的 404 错误,但来自 Zope。
如何使我的 CGI 脚本再次工作?
与之前的 post 相比令人沮丧:我已经修复了重定向 https://www.website.com to https://website.com 但是现在,这些 CGI 脚本无法再访问。
重定向修改前https://www to https://no-www,脚本可用。我不明白它可能来自哪里。
更新 1
Apache2 的输出:
[Sun Mar 01 10:49:33.445944 2020] [ssl:debug] [pid 9866] ssl_engine_kernel.c(383): [client 91.171.129.151:7825] AH02034: Subsequent (No.7) HTTPS request received for child 7 (server website.com:443), referer: https://website.com/style/style2.css
[Sun Mar 01 10:49:33.445986 2020] [authz_core:debug] [pid 9866] mod_authz_core.c(846): [client 91.171.129.151:7825] AH01628: authorization result: granted (no directives), referer: https://website.com/style/style2.css
[Sun Mar 01 10:49:33.446022 2020] [proxy:debug] [pid 9866] mod_proxy.c(1249): [client 91.171.129.151:7825] AH01143: Running scheme https handler (attempt 0), referer: https://website.com/style/style2.css
[Sun Mar 01 10:49:33.446032 2020] [proxy:debug] [pid 9866] proxy_util.c(2316): AH00942: HTTPS: has acquired connection for (*)
[Sun Mar 01 10:49:33.446041 2020] [proxy:debug] [pid 9866] proxy_util.c(2369): [client 91.171.129.151:7825] AH00944: connecting https://localhost:8443/++vh++https:website.com:443/++/images/up-arrow.png to localhost:8443, referer: https://website.com/style/style2.css
[Sun Mar 01 10:49:33.446204 2020] [proxy:debug] [pid 9866] proxy_util.c(2578): [client 91.171.129.151:7825] AH00947: connected /++vh++https:website.com:443/++/images/up-arrow.png to localhost:8443, referer: https://website.com/style/style2.css
[Sun Mar 01 10:49:33.446288 2020] [proxy:debug] [pid 9866] proxy_util.c(3047): AH02824: HTTPS: connection established with 127.0.0.1:8443 (*)
[Sun Mar 01 10:49:33.446307 2020] [proxy:debug] [pid 9866] proxy_util.c(3215): AH00962: HTTPS: connection complete to 127.0.0.1:8443 (localhost)
[Sun Mar 01 10:49:33.446320 2020] [ssl:info] [pid 9866] [remote 127.0.0.1:8443] AH01964: Connection to child 0 established (server website.com:443)
[Sun Mar 01 10:49:33.454637 2020] [proxy:debug] [pid 9865] proxy_util.c(2331): AH00943: *: has released connection for (*)
[Sun Mar 01 10:49:33.454721 2020] [ssl:debug] [pid 9865] ssl_engine_io.c(1106): [remote 127.0.0.1:8443] AH02001: Connection closed to child 0 with standard shutdown (server website.com:443)
[Sun Mar 01 10:49:33.454772 2020] [proxy:debug] [pid 9865] proxy_util.c(3154): [remote 127.0.0.1:8443] AH02642: proxy: connection shutdown
[Sun Mar 01 10:49:33.459030 2020] [proxy:debug] [pid 9851] proxy_util.c(2331): AH00943: *: has released connection for (*)
[Sun Mar 01 10:49:33.459109 2020] [ssl:debug] [pid 9851] ssl_engine_io.c(1106): [remote 127.0.0.1:8443] AH02001: Connection closed to child 0 with standard shutdown (server website.com:443)
[Sun Mar 01 10:49:33.459144 2020] [ssl:debug] [pid 9866] ssl_engine_kernel.c(1740): [remote 127.0.0.1:8443] AH02275: Certificate Verification, depth 0, CRL checking mode: none (0) [subject: CN=website.com / issuer: CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US / serial: 033E19116893A728CDC809BA511D98069F7E / notbefore: Jun 29 23:22:00 2017 GMT / notafter: Sep 27 23:22:00 2017 GMT]
[Sun Mar 01 10:49:33.459161 2020] [proxy:debug] [pid 9851] proxy_util.c(3154): [remote 127.0.0.1:8443] AH02642: proxy: connection shutdown
[Sun Mar 01 10:49:33.459193 2020] [ssl:debug] [pid 9866] ssl_engine_kernel.c(1740): [remote 127.0.0.1:8443] AH02275: Certificate Verification, depth 0, CRL checking mode: none (0) [subject: CN=website.com / issuer: CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US / serial: 033E19116893A728CDC809BA511D98069F7E / notbefore: Jun 29 23:22:00 2017 GMT / notafter: Sep 27 23:22:00 2017 GMT]
[Sun Mar 01 10:49:33.463339 2020] [ssl:debug] [pid 9866] ssl_engine_kernel.c(2235): [remote 127.0.0.1:8443] AH02041: Protocol: TLSv1, Cipher: AES256-SHA (256/256 bits)
[Sun Mar 01 10:49:33.463411 2020] [proxy:debug] [pid 9853] proxy_util.c(2331): AH00943: *: has released connection for (*)
[Sun Mar 01 10:49:33.463486 2020] [ssl:debug] [pid 9853] ssl_engine_io.c(1106): [remote 127.0.0.1:8443] AH02001: Connection closed to child 0 with standard shutdown (server website.com:443)
[Sun Mar 01 10:49:33.463534 2020] [proxy:debug] [pid 9853] proxy_util.c(3154): [remote 127.0.0.1:8443] AH02642: proxy: connection shutdown
[Sun Mar 01 10:49:33.471527 2020] [proxy:debug] [pid 9866] proxy_util.c(2331): AH00943: *: has released connection for (*)
[Sun Mar 01 10:49:33.471590 2020] [ssl:debug] [pid 9866] ssl_engine_io.c(1106): [remote 127.0.0.1:8443] AH02001: Connection closed to child 0 with standard shutdown (server website.com:443)
[Sun Mar 01 10:49:33.471627 2020] [proxy:debug] [pid 9866] proxy_util.c(3154): [remote 127.0.0.1:8443] AH02642: proxy: connection shutdown
[Sun Mar 01 10:49:33.511179 2020] [ssl:debug] [pid 9853] ssl_engine_kernel.c(383): [client 91.171.129.151:7821] AH02034: Subsequent (No.8) HTTPS request received for child 4 (server website.com:443)
[Sun Mar 01 10:49:33.511249 2020] [authz_core:debug] [pid 9853] mod_authz_core.c(846): [client 91.171.129.151:7821] AH01628: authorization result: granted (no directives)
[Sun Mar 01 10:49:33.511303 2020] [proxy:debug] [pid 9853] mod_proxy.c(1249): [client 91.171.129.151:7821] AH01143: Running scheme https handler (attempt 0)
[Sun Mar 01 10:49:33.511332 2020] [proxy:debug] [pid 9853] proxy_util.c(2316): AH00942: HTTPS: has acquired connection for (*)
[Sun Mar 01 10:49:33.511343 2020] [proxy:debug] [pid 9853] proxy_util.c(2369): [client 91.171.129.151:7821] AH00944: connecting https://localhost:8443/++vh++https:website.com:443/++/favicon.ico to localhost:8443
[Sun Mar 01 10:49:33.511551 2020] [proxy:debug] [pid 9853] proxy_util.c(2578): [client 91.171.129.151:7821] AH00947: connected /++vh++https:website.com:443/++/favicon.ico to localhost:8443
[Sun Mar 01 10:49:33.511670 2020] [proxy:debug] [pid 9853] proxy_util.c(3047): AH02824: HTTPS: connection established with 127.0.0.1:8443 (*)
[Sun Mar 01 10:49:33.511696 2020] [proxy:debug] [pid 9853] proxy_util.c(3215): AH00962: HTTPS: connection complete to 127.0.0.1:8443 (localhost)
[Sun Mar 01 10:49:33.511713 2020] [ssl:info] [pid 9853] [remote 127.0.0.1:8443] AH01964: Connection to child 0 established (server website.com:443)
[Sun Mar 01 10:49:33.512494 2020] [ssl:debug] [pid 9853] ssl_engine_kernel.c(1740): [remote 127.0.0.1:8443] AH02275: Certificate Verification, depth 0, CRL checking mode: none (0) [subject: CN=website.com / issuer: CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US / serial: 033E19116893A728CDC809BA511D98069F7E / notbefore: Jun 29 23:22:00 2017 GMT / notafter: Sep 27 23:22:00 2017 GMT]
[Sun Mar 01 10:49:33.512541 2020] [ssl:debug] [pid 9853] ssl_engine_kernel.c(1740): [remote 127.0.0.1:8443] AH02275: Certificate Verification, depth 0, CRL checking mode: none (0) [subject: CN=website.com / issuer: CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US / serial: 033E19116893A728CDC809BA511D98069F7E / notbefore: Jun 29 23:22:00 2017 GMT / notafter: Sep 27 23:22:00 2017 GMT]
[Sun Mar 01 10:49:33.517345 2020] [ssl:debug] [pid 9853] ssl_engine_kernel.c(2235): [remote 127.0.0.1:8443] AH02041: Protocol: TLSv1, Cipher: AES256-SHA (256/256 bits)
[Sun Mar 01 10:49:33.525382 2020] [proxy:debug] [pid 9853] proxy_util.c(2331): AH00943: *: has released connection for (*)
[Sun Mar 01 10:49:33.525443 2020] [ssl:debug] [pid 9853] ssl_engine_io.c(1106): [remote 127.0.0.1:8443] AH02001: Connection closed to child 0 with standard shutdown (server website.com:443)
[Sun Mar 01 10:49:33.525476 2020] [proxy:debug] [pid 9853] proxy_util.c(3154): [remote 127.0.0.1:8443] AH02642: proxy: connection shutdown
[Sun Mar 01 10:49:34.109743 2020] [watchdog:debug] [pid 9869] mod_watchdog.c(567): AH02980: Watchdog: nothing configured?
[Sun Mar 01 10:49:34.109885 2020] [proxy:debug] [pid 9869] proxy_util.c(1924): AH00925: initializing worker proxy:reverse shared
[Sun Mar 01 10:49:34.109901 2020] [proxy:debug] [pid 9869] proxy_util.c(1981): AH00927: initializing worker proxy:reverse local
[Sun Mar 01 10:49:34.109955 2020] [proxy:debug] [pid 9869] proxy_util.c(2032): AH00931: initialized single connection worker in child 9869 for (*)
[Sun Mar 01 10:49:34.110492 2020] [watchdog:debug] [pid 9870] mod_watchdog.c(567): AH02980: Watchdog: nothing configured?
[Sun Mar 01 10:49:34.110610 2020] [proxy:debug] [pid 9870] proxy_util.c(1924): AH00925: initializing worker proxy:reverse shared
[Sun Mar 01 10:49:34.110625 2020] [proxy:debug] [pid 9870] proxy_util.c(1981): AH00927: initializing worker proxy:reverse local
[Sun Mar 01 10:49:34.110674 2020] [proxy:debug] [pid 9870] proxy_util.c(2032): AH00931: initialized single connection worker in child 9870 for (*)
[Sun Mar 01 10:49:48.437276 2020] [ssl:debug] [pid 9864] ssl_engine_io.c(1106): [client 91.171.129.151:7823] AH02001: Connection closed to child 5 with standard shutdown (server website.com:443)
[Sun Mar 01 10:49:48.438985 2020] [ssl:debug] [pid 9849] ssl_engine_io.c(1106): [client 91.171.129.151:7822] AH02001: Connection closed to child 0 with standard shutdown (server website.com:443)
[Sun Mar 01 10:49:48.467248 2020] [ssl:debug] [pid 9865] ssl_engine_io.c(1106): [client 91.171.129.151:7824] AH02001: Connection closed to child 6 with standard shutdown (server website.com:443)
[Sun Mar 01 10:49:48.470814 2020] [ssl:debug] [pid 9851] ssl_engine_io.c(1106): [client 91.171.129.151:7820] AH02001: Connection closed to child 2 with standard shutdown (server website.com:443)
[Sun Mar 01 10:49:48.478015 2020] [ssl:debug] [pid 9866] ssl_engine_io.c(1106): [client 91.171.129.151:7825] AH02001: Connection closed to child 7 with standard shutdown (server website.com:443)
[Sun Mar 01 10:49:48.539212 2020] [ssl:debug] [pid 9853] ssl_engine_io.c(1106): [client 91.171.129.151:7821] AH02001: Connection closed to child 4 with standard shutdown (server website.com:443)
[Sun Mar 01 10:49:56.282123 2020] [ssl:info] [pid 9852] [client 127.0.0.1:49482] AH01964: Connection to child 3 established (server website.com:443)
[Sun Mar 01 10:49:56.282356 2020] [ssl:debug] [pid 9852] ssl_engine_kernel.c(2319): [client 127.0.0.1:49482] AH02043: SSL virtual host for servername website.com found
[Sun Mar 01 10:49:56.282407 2020] [ssl:debug] [pid 9852] ssl_engine_kernel.c(2319): [client 127.0.0.1:49482] AH02043: SSL virtual host for servername website.com found
[Sun Mar 01 10:49:56.282418 2020] [core:debug] [pid 9852] protocol.c(2314): [client 127.0.0.1:49482] AH03155: select protocol from , choices=h2,http/1.1 for server website.com
[Sun Mar 01 10:49:56.296616 2020] [ssl:debug] [pid 9852] ssl_engine_kernel.c(2235): [client 127.0.0.1:49482] AH02041: Protocol: TLSv1.2, Cipher: ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
[Sun Mar 01 10:49:56.296936 2020] [ssl:debug] [pid 9852] ssl_engine_kernel.c(383): [client 127.0.0.1:49482] AH02034: Initial (No.1) HTTPS request received for child 3 (server website.com:443)
[Sun Mar 01 10:49:56.297023 2020] [authz_core:debug] [pid 9852] mod_authz_core.c(846): [client 127.0.0.1:49482] AH01628: authorization result: granted (no directives)
[Sun Mar 01 10:49:56.297087 2020] [proxy:debug] [pid 9852] mod_proxy.c(1249): [client 127.0.0.1:49482] AH01143: Running scheme https handler (attempt 0)
[Sun Mar 01 10:49:56.297101 2020] [proxy:debug] [pid 9852] proxy_util.c(2316): AH00942: HTTPS: has acquired connection for (*)
[Sun Mar 01 10:49:56.297113 2020] [proxy:debug] [pid 9852] proxy_util.c(2369): [client 127.0.0.1:49482] AH00944: connecting https://localhost:8443/++vh++https:website.com:443/++/index.html to localhost:8443
[Sun Mar 01 10:49:56.297467 2020] [proxy:debug] [pid 9852] proxy_util.c(2578): [client 127.0.0.1:49482] AH00947: connected /++vh++https:website.com:443/++/index.html to localhost:8443
[Sun Mar 01 10:49:56.297696 2020] [proxy:debug] [pid 9852] proxy_util.c(3047): AH02824: HTTPS: connection established with 127.0.0.1:8443 (*)
[Sun Mar 01 10:49:56.297722 2020] [proxy:debug] [pid 9852] proxy_util.c(3215): AH00962: HTTPS: connection complete to 127.0.0.1:8443 (localhost)
[Sun Mar 01 10:49:56.297739 2020] [ssl:info] [pid 9852] [remote 127.0.0.1:8443] AH01964: Connection to child 0 established (server website.com:443)
[Sun Mar 01 10:49:56.298590 2020] [ssl:debug] [pid 9852] ssl_engine_kernel.c(1740): [remote 127.0.0.1:8443] AH02275: Certificate Verification, depth 0, CRL checking mode: none (0) [subject: CN=website.com / issuer: CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US / serial: 033E19116893A728CDC809BA511D98069F7E / notbefore: Jun 29 23:22:00 2017 GMT / notafter: Sep 27 23:22:00 2017 GMT]
[Sun Mar 01 10:49:56.298625 2020] [ssl:debug] [pid 9852] ssl_engine_kernel.c(1740): [remote 127.0.0.1:8443] AH02275: Certificate Verification, depth 0, CRL checking mode: none (0) [subject: CN=website.com / issuer: CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US / serial: 033E19116893A728CDC809BA511D98069F7E / notbefore: Jun 29 23:22:00 2017 GMT / notafter: Sep 27 23:22:00 2017 GMT]
[Sun Mar 01 10:49:56.303513 2020] [ssl:debug] [pid 9852] ssl_engine_kernel.c(2235): [remote 127.0.0.1:8443] AH02041: Protocol: TLSv1, Cipher: AES256-SHA (256/256 bits)
[Sun Mar 01 10:49:56.312046 2020] [proxy:debug] [pid 9852] proxy_util.c(2331): AH00943: *: has released connection for (*)
[Sun Mar 01 10:49:56.312139 2020] [ssl:debug] [pid 9852] ssl_engine_io.c(1106): [remote 127.0.0.1:8443] AH02001: Connection closed to child 0 with standard shutdown (server website.com:443)
[Sun Mar 01 10:49:56.312204 2020] [proxy:debug] [pid 9852] proxy_util.c(3154): [remote 127.0.0.1:8443] AH02642: proxy: connection shutdown
[Sun Mar 01 10:49:56.312461 2020] [ssl:debug] [pid 9852] ssl_engine_io.c(1106): [client 127.0.0.1:49482] AH02001: Connection closed to child 3 with standard shutdown (server website.com:443):%s/do
Zope 的输出:
127.0.0.1 - - [01/Mar/2020:10:49:01 +0200] "GET /++vh++https:www.website.com:443/++/cgi-bin/awstats.pl HTTP/1.1" 404 102 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:73.0) Gecko/20100101 Firefox/73.0"
更新 2
解决我的问题的一些有趣的结果:
如果我这样做:1)
<VirtualHost *:443>
...
# REWRITE
RewriteEngine On
RewriteCond %{REQUEST_URI} !^/cgi-bin/awstats [NC]
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^/(.*) https://website.com/ [R=301,L]
RewriteRule ^/(.*) https://localhost:8443/++vh++https:%{SERVER_NAME}:443/++/ [P,L]
...
</VirtualHost>
然后,从 https://www 到 https:// 的重定向很好地实现了,但是 CGI 脚本生成了一个 Zope 错误。
如果我这样做:2) 删除行:
`RewriteRule ^/(.*) https://website.com/ [R=301,L]` )
即:
<VirtualHost *:443>
...
# REWRITE
RewriteEngine On
RewriteCond %{REQUEST_URI} !^/cgi-bin/awstats [NC]
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^/(.*) https://localhost:8443/++vh++https:%{SERVER_NAME}:443/++/ [P,L]
...
</VirtualHost>
然后从 https://www 到 https:// 的重定向没有实现,但是 CGI 脚本可以通过在浏览器中输入 https://website.com/cgi-bin/awstats.pl.
我如何结合这两种不同的配置,以便同时进行重定向和 CGI 脚本可用?
您在解决方法中遗漏的是 RewriteCond 仅与紧随其后的单个 RewriteRule 相关联。
如果您想在请求 CGI 时跳过重定向到 zope,请通过在其前面加上条件来排除特定的 RewriteRule:
RewriteCond %{REQUEST_URI} !^/cgi-bin/awstats
# existing rule from Question
RewriteRule ^/(.*) https://localhost:8443/++vh++https:%{SERVER_NAME}:443/++/ [P,L]