Apache 2.4 requests to non-SSL site with "Upgrade-Insecure-Requests: 1" and no trailing / get redirected to default site
by owendelong from LinuxQuestions.org on (#5K92F)
Consider a web server with multiple virtual hosts (address based).
http://www.example.com/location/ is a fully formed URL and works.
http://www.example.com/location is missing the trailing /, so the web server produces a redirect to add it.
Finally, the default web site is http://www.othername.com and has both HTTP and HTTPs services with a proper certificate.
Without the "Upgrade-Insecure-Requests: 1" header, this works as expected.
However, add the aforementioned header and now the rewrite comes back as "https://www.othername.com/location/" instead of the expected (and desired) "http://www.example.com/location/".
It's not acceptable for "https://www.example.com/location/" because the www.example.com site is SSLEngine Off and has no port 443 listener configured, no certificate configured, etc.
However, it's also not acceptable to rewrite the domain name entirely, since the default site has a completely different document root and so the rewrite creates a 404 error.
I'm hoping someone can explain how to coerce Apache into doing what is expected here.
Thanks in advance,
Owen
http://www.example.com/location/ is a fully formed URL and works.
http://www.example.com/location is missing the trailing /, so the web server produces a redirect to add it.
Finally, the default web site is http://www.othername.com and has both HTTP and HTTPs services with a proper certificate.
Without the "Upgrade-Insecure-Requests: 1" header, this works as expected.
However, add the aforementioned header and now the rewrite comes back as "https://www.othername.com/location/" instead of the expected (and desired) "http://www.example.com/location/".
It's not acceptable for "https://www.example.com/location/" because the www.example.com site is SSLEngine Off and has no port 443 listener configured, no certificate configured, etc.
However, it's also not acceptable to rewrite the domain name entirely, since the default site has a completely different document root and so the rewrite creates a 404 error.
I'm hoping someone can explain how to coerce Apache into doing what is expected here.
Thanks in advance,
Owen