From bd9ac51fa6b6de29f11389dd632c14aaafaf9d34 Mon Sep 17 00:00:00 2001
From: sagi
Date: Wed, 2 Dec 2015 00:05:15 +0000
Subject: [PATCH] alter redirect_verification to raise only when an exact Letsencrypt redirction rewrite rule is encountered
---
 .../letsencrypt_apache/configurator.py | 19 +++++++------------
 .../letsencrypt_apache/constants.py | 6 +++++-
 2 files changed, 12 insertions(+), 13 deletions(-)
diff --git a/letsencrypt-apache/letsencrypt_apache/configurator.py b/letsencrypt-apache/letsencrypt_apache/configurator.py
index 0f568db28..6f3bd7a30 100644
--- a/letsencrypt-apache/letsencrypt_apache/configurator.py
+++ b/letsencrypt-apache/letsencrypt_apache/configurator.py
@@ -878,7 +878,7 @@ class ApacheConfigurator(augeas_configurator.AugeasConfigurator):
 "redirection")
 self._create_redirect_vhost(ssl_vhost)
 else:
- # Check if redirection already exists
+ # Check if LetsEncrypt redirection already exists
 self._verify_no_redirects(general_vh)
 # Add directives to server
@@ -911,19 +911,14 @@ class ApacheConfigurator(augeas_configurator.AugeasConfigurator):
 but that's for an other PR.)
 """
 rewrite_path = self.parser.find_dir(
- "RewriteRule", None, start=vhost.path)
+ "RewriteRule", None, start=vhost.path)
 if rewrite_path:
- # "No existing redirection for virtualhost"
- if len(rewrite_path) != len(constants.REWRITE_HTTPS_ARGS):
- raise errors.PluginError("Unknown Existing RewriteRule")
- for match, arg in itertools.izip(
- rewrite_path, constants.REWRITE_HTTPS_ARGS):
- if self.aug.get(match) != arg:
- raise errors.PluginError("Unknown Existing RewriteRule")
-
- raise errors.PluginEnhancementAlreadyPresent(
- "Let's Encrypt has already enabled redirection")
+ if map(self.aug.get, rewrite_path) in [
+ constants.REWRITE_HTTPS_ARGS,
+ constants.REWRITE_HTTPS_ARGS_WITH_END]:
+ raise errors.PluginEnhancementAlreadyPresent(
+ "Let's Encrypt has already enabled redirection")
 def _create_redirect_vhost(self, ssl_vhost):
 """Creates an http_vhost specifically to redirect for the ssl_vhost.
diff --git a/letsencrypt-apache/letsencrypt_apache/constants.py b/letsencrypt-apache/letsencrypt_apache/constants.py
index 813eae582..1099262de 100644
--- a/letsencrypt-apache/letsencrypt_apache/constants.py
+++ b/letsencrypt-apache/letsencrypt_apache/constants.py
@@ -26,8 +26,12 @@ AUGEAS_LENS_DIR = pkg_resources.resource_filename(
 REWRITE_HTTPS_ARGS = [
 "^", "https://%{SERVER_NAME}%{REQUEST_URI}", "[L,QSA,R=permanent]"]
-"""Apache rewrite rule arguments used for redirections to https vhost"""
+"""Apache version<2.3.9 rewrite rule arguments used for redirections to https vhost"""
+REWRITE_HTTPS_ARGS_WITH_END = [
+ "^", "https://%{SERVER_NAME}%{REQUEST_URI}", "[L,QSA,R=permanent]"]
+"""Apache version >= 2.3.9 rewrite rule arguments used for redirections to
+ https vhost"""
 HSTS_ARGS = ["always", "set", "Strict-Transport-Security",
 "\"max-age=31536000; includeSubDomains\""]
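Review bot: When the vhost already holds a RewriteRule that is not Let's Encrypt's, `_verify_no_redirects` now returns silently and the caller goes on to add the redirect directives, so nothing tells the operator that an earlier rule may take precedence over the HTTPS redirect or loop with it. A warning in an `else` branch of the new `if` would keep that visible, e.g. `logger.warning("Existing RewriteRule found under %s; check that the HTTPS redirect takes effect", vhost.path)`, assuming a module logger is in scope (not visible in this hunk). Because the comparison is against the whole argument list, a vhost that contains the Let's Encrypt rule plus any other RewriteRule is also treated as not yet redirected, and the rule would presumably be added a second time. `map(...)` compares equal to a list only on Python 2; `[self.aug.get(p) for p in rewrite_path]` gives the same result there and keeps working on Python 3. The function's signature and the start of its docstring lie outside the hunk.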
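Review bot: `REWRITE_HTTPS_ARGS_WITH_END` is assigned exactly the same three arguments as `REWRITE_HTTPS_ARGS`, flags `[L,QSA,R=permanent]` included, so the second entry in the membership test in `_verify_no_redirects` can never match anything the first does not. A redirect rule written with the `END` flag would therefore not be recognised as Let's Encrypt's, and the enhancement would be applied again. If the Apache >= 2.3.9 form is what the name and docstring intend, the value line presumably should read `"^", "https://%{SERVER_NAME}%{REQUEST_URI}", "[END,QSA,R=permanent]"]`. The reworded docstring on `REWRITE_HTTPS_ARGS` is also longer than the lines around it and could be wrapped the way the new one is.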