Home / server / Questions / 673271
In Process
Oldskool
Asked: 2015-03-06 06:26:15 +0800 CST

Apache mod_ssl StdEnvVars appear not to be set?

  • 772

I have a CentOS 6.5 server running Apache 2.2.15 with mod_ssl and PHP 5.3.3. My problem is that PHP does not seem to recognize the HTTPS connection.

I have the following in my /etc/httpd/conf.d/ssl.conf file:

LoadModule ssl_module modules/mod_ssl.so

Listen 443
# IPs below anonimized, they are the actual IPs of the server
NameVirtualHost 127.0.0.1:443
NameVirtualHost [::1]:443

SSLPassPhraseDialog builtin
SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout 300
SSLMutex default
SSLRandomSeed startup file:/dev/urandom  256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin

# Anonimized IPs here too, but the actual IPs are set
<VirtualHost 127.0.0.1:443 [::1]:443>
    ErrorLog logs/ssl_error_log
    TransferLog logs/ssl_access_log
    LogLevel warn

    SSLEngine on
    SSLProtocol all -SSLv2
    SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW

    SSLCertificateFile /etc/ssl/certs/my.crt
    SSLCertificateKeyFile /etc/ssl/certs/my.key
    SSLCACertificateFile /etc/ssl/certs/PositiveSSLCA2.crt

    <Files ~ "\.(cgi|shtml|phtml|php3?)$">
        SSLOptions +StdEnvVars
    </Files>
    <Directory "/var/www/cgi-bin">
        SSLOptions +StdEnvVars
    </Directory>

    SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0

    CustomLog logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>

This config works, when I add a vhost on this IP address in my /etc/httpd/conf.d/vhosts.conf (where I defined all my vhosts for this server), everything works as expected. The site is served over HTTPS with the correct certificate, the browser shows a green lock and everything.

If I run a phpinfo script, I get unexpected outputs. For example in the Configuration/apache2handler section, the port number is zero:

Hostname:Port   example.com:0

Also under the "Apache Environment" I see weird values (keep in mind that I am actually accessing this page over HTTPS and the browser shows the green lock and all):

SCRIPT_URI  http://www.example.com/test.php
SERVER_PROTOCOL HTTP/1.1

There is no 'https' in the script URI and the protocol is just plain HTTP/1.1?

Also, none of the mod_ssl environment variables seem to be set, while my ssl.conf does have the SSLOptions +StdEnvVars option set for PHP files.

Why is PHP not recognizing that the request is made over SSL? I now have manually set at least the HTTPS environment variable in my vhost config, which is then succesfully set:

SetEnv HTTPS On

Ideally, this var should've already been set by mod_ssl, why isn't it (or why does PHP miss it)?

apache-2.2

0 Answers