OPNWAF Redirect Match not following the Captured Group

Started by ivosir, Today at 01:00:55 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
Today at 01:00:55 PM
Hello all,

Running version 25.10.2_4 business. I need to redirect a local path to a particular remote destination; quite a usual task for which Apache RedirectMatch can be used.

According to https://docs.opnsense.org/vendor/deciso/opnwaf.html#redirect-match, I've set up the location this way (FQDNs have been redacted):

  Local path: ^/mailman/(.*)$
  Remote destinations: https://<LIST-SERVER>/mailman/$1


Basically it should catch requests for https://<MAIN-SERVER>/mailman/<ANYTHING> and redirect them to https://<LIST-SERVER>/mailman/<ANYTHING>. However, it does not work, the group captured in $1 is not passed to the destination, all requests end up at https://<LIST-SERVER>/mailman/.

The corresponding piece of configuration in /usr/local/etc/apache24/Includes/gateway_vhosts.conf looks like this.

  <LocationMatch "^/mailman/(.*)$">
    RedirectMatch 308 "https://<LIST-SERVER>/mailman/$1"
  </LocationMatch>


It doesn't seem to be correct though. <LocationMatch> does match ^/mailman/(.*)$, but RedirectMatch does NOT reuse that match, so $1 inside RedirectMatch is undefined. In Apache, <LocationMatch> captures are not passed into directives inside the block so RedirectMatch needs its own regex to define $1. Working configuration would look like this:

  <VirtualHost *:443>
  ...
  RedirectMatch 308 ^/mailman/(.*)$ https://<LIST-SERVER>/mailman/$1
  Redirect 301 / https://<MAIN-SERVER>/
  ...
  </VirtualHost>


I've actually updated gateway_vhosts.conf by hand and it works well. Until someone makes an update via GUI. :-)

Greetings,
Ivo
Today at 01:11:08 PM #1
Hello,

could you test if this fixes it too:

Code Select
<LocationMatch "^/mailman/(.*)$">
    RedirectMatch 308 ^/mailman/(.*)$ https://<LIST-SERVER>/mailman/$1
</LocationMatch>
I know it looks redundant but I want to change as little about the template generation as possible to fix this.

Only if the above is totally invalid I would consider dropping location match entirely for redirect match.
Hardware:
DEC740
Print
Go Up Pages1
User actions