MSIE zeigt SSL-Seiten nicht richtig an

Aus Wiki.csoft.at

vi /etc/httpd/conf/httpd.conf
<Perl>
use Apache::PerlSections();
use Cobalt::Ssl;

# Only a temp variable until we go the whole hog.
my (@ssl_conf,$ip,$group,$rewrite_rules,$proto,$ret);

open(HTTPD_CONF,"/etc/httpd/conf/httpd.conf") ||
   die "What ? We can't read our own configuration file?: $!";

# O.K. What we bassically want to do is build up new section in the conf file
# for SSL sections.
while(<HTTPD_CONF>) {
   if (/^<VirtualHost [\d\.]+>$/ ... /^<\/VirtualHost>$/) {
       if ( /^<VirtualHost ([\d\.]+)>/o ) {
           # New section. Clean up.
           $ip = $1;
           @ssl_conf = ();
           $group = undef;
       }

       # Skip this bit, we don't need it now..
       next if (/^<VirtualHost/);

       # Just need to grab the group name out before we get on with
       # the real work.
       if ( /DocumentRoot \/home\/sites\/([^\/]+)\/web/ ){
           $group = $1;
       }

       # These two are for the rewrite options
       s/http/https/go if (/^Rewrite/);
       s/80/443/go if (/^Rewrite/);
       push @ssl_conf, $_;

       # Hardcoded, issues with mod_perl and cobalt modules.
       if (/^<\/Virtual/ and (-f "/etc/httpd/ssl/$group")) {
           $ret = ssl_cert_check("/home/sites/$group/certs/");
           if ($ret=~/^2/o) {
               $PerlConfig .= "Listen $ip:443\n";
# ------------- INSERT THIS CODE -------------
               $PerlConfig .= "SetEnvIf User-Agent \".*MSIE.*\" \\n";
               $PerlConfig .= "        nokeepalive ssl-unclean-shutdown \\n";
               $PerlConfig .= "        downgrade-1.0 force-response-1.0 \n";
# ------------- END INSERT -------------------
               $PerlConfig .= "<VirtualHost $ip:443>\n";
               $PerlConfig .= "SSLengine on\n";
               $PerlConfig .= "SSLCertificateFile /home/sites/$group/certs/certificate\n";
               $PerlConfig .= "SSLCertificateKeyFile /home/sites/$group/certs/key\n";
               $PerlConfig .= join(, @ssl_conf);
           } elsif (ssl_cert_check("/home/sites/home/certs/") =~ /^2/ ) {
               $PerlConfig .= "Listen $ip:443\n";
               $PerlConfig .= "<VirtualHost $ip:443>\n"; 
# ------------- INSERT THIS CODE -------------
               $PerlConfig .= "SetEnvIf User-Agent \".*MSIE.*\" \\n";
               $PerlConfig .= "        nokeepalive ssl-unclean-shutdown \\n";
               $PerlConfig .= "        downgrade-1.0 force-response-1.0 \n";
# ------------- END INSERT -------------------
               $PerlConfig .= "SSLengine on\n";
               $PerlConfig .= "SSLCertificateFile /home/sites/home/certs/certificate\n";
               $PerlConfig .= "SSLCertificateKeyFile /home/sites/home/certs/key\n";
               $PerlConfig .= join(, @ssl_conf);
           } else {
               print STDERR "Site $group has invalid certificate: $ret\n";
           }
       }
   }
}
close HTTPD_CONF;
# O.K. Now we're done with that ugliness the Rewrite rules to provide transistion
# from the user to the admin server need to be different depending on whether we have
# ssl active or not.

if ( ssl_cert_check("/home/sites/home/certs/") =~ /^2/ ) {
   $proto = 'https';
} else {
   $proto = 'http';
}

# This many seem a little tortured as a way to do this, but the
# quoting is hell.

$rewrite_rules =
'RewriteEngine On
RewriteCond %{HTTP_HOST}                ^([^:]+)
RewriteCond %{DOCUMENT_ROOT}            !-d
RewriteRule .*                          proto://servername:81/.cobalt/error/forbidden.html [L,R]
RewriteCond %{HTTP_HOST}                ^([^:]+)
RewriteRule ^/admin/?$                  proto://servername:81/.cobalt/sysManage/index.html [L,R]
RewriteCond %{HTTP_HOST}                ^([^:]+)
RewriteRule ^/siteadmin/?$              proto://servername:81/.cobalt/siteManage/%1/index.html [L,R]
RewriteCond %{HTTP_HOST}                ^([^:]+)
RewriteRule ^/personal/?$               proto://servername:81/.cobalt/personal/index.html [L,R]
RewriteCond %{HTTP_HOST}                ^([^:]+)
RewriteRule ^/.cobalt/(.+)              proto://servername:81/.cobalt/$1 [L,R]
RewriteCond %{HTTP_HOST}                ^([^:]+)
RewriteRule ^/cgi-bin/.cobalt/(.+)      proto://servername:81/cgi-bin/.cobalt/$1 [L,R]
';

$rewrite_rules =~ s/servername/%1/g;
$rewrite_rules =~ s/proto/$proto/g;

$PerlConfig .= $rewrite_rules;

if ( -f "/etc/DEBUG" ) {
   print STDERR Apache::PerlSections->dump();
}
</Perl>


Siehe auch