alter redirect_verification to raise only when an exact Letsencrypt redirction rewrite rule is encountered

2026-06-03 22:08:07 -04:00 · 2015-12-02 00:05:15 +00:00 · 2015-12-02 00:05:15 +00:00 · bd9ac51fa6
commit bd9ac51fa6
parent 917f7aa33e
2 changed files with 12 additions and 13 deletions
--- a/letsencrypt-apache/letsencrypt_apache/configurator.py
+++ b/letsencrypt-apache/letsencrypt_apache/configurator.py
@ -878,7 +878,7 @@ class ApacheConfigurator(augeas_configurator.AugeasConfigurator):
                        "redirection")
            self._create_redirect_vhost(ssl_vhost)
        else:
-            # Check if redirection already exists
+            # Check if LetsEncrypt redirection already exists
            self._verify_no_redirects(general_vh)

            # Add directives to server
@ -911,19 +911,14 @@ class ApacheConfigurator(augeas_configurator.AugeasConfigurator):
                    but that's for an other PR.)
        """
        rewrite_path = self.parser.find_dir(
-            "RewriteRule", None, start=vhost.path)
+                "RewriteRule", None, start=vhost.path)

        if rewrite_path:
-            # "No existing redirection for virtualhost"
-            if len(rewrite_path) != len(constants.REWRITE_HTTPS_ARGS):
-                raise errors.PluginError("Unknown Existing RewriteRule")
-            for match, arg in itertools.izip(
-                    rewrite_path, constants.REWRITE_HTTPS_ARGS):
-                if self.aug.get(match) != arg:
-                    raise errors.PluginError("Unknown Existing RewriteRule")
-
-            raise errors.PluginEnhancementAlreadyPresent(
-                "Let's Encrypt has already enabled redirection")
+            if map(self.aug.get, rewrite_path) in [
+                    constants.REWRITE_HTTPS_ARGS,
+                    constants.REWRITE_HTTPS_ARGS_WITH_END]:
+                raise errors.PluginEnhancementAlreadyPresent(
+                    "Let's Encrypt has already enabled redirection")

    def _create_redirect_vhost(self, ssl_vhost):
        """Creates an http_vhost specifically to redirect for the ssl_vhost.
--- a/letsencrypt-apache/letsencrypt_apache/constants.py
+++ b/letsencrypt-apache/letsencrypt_apache/constants.py
@ -26,8 +26,12 @@ AUGEAS_LENS_DIR = pkg_resources.resource_filename(

 REWRITE_HTTPS_ARGS = [
    "^", "https://%{SERVER_NAME}%{REQUEST_URI}", "[L,QSA,R=permanent]"]
-"""Apache rewrite rule arguments used for redirections to https vhost"""
+"""Apache version<2.3.9 rewrite rule arguments used for redirections to https vhost"""

+REWRITE_HTTPS_ARGS_WITH_END = [
+    "^", "https://%{SERVER_NAME}%{REQUEST_URI}", "[L,QSA,R=permanent]"]
+"""Apache version >= 2.3.9 rewrite rule arguments used for redirections to 
+    https vhost"""

 HSTS_ARGS = ["always", "set", "Strict-Transport-Security",
    "\"max-age=31536000; includeSubDomains\""]