mod_rewrite,core: avoid Vary:Host (part 2)

This is a follow up of r1808746 after a chat
with Yann on dev@:

- the HTTP:Host variable suffers from the same problem
- the strcasecmp should be used to allow case-sensitive
  comparisons.
- in mod_rewrite is less cumbersome and more clean to just
  make the Host header check in lookup_header, so it will
  be automatically picked up by every part of the code
  that uses it. It shouldn't be a relevant overhead for
  mod_rewrite.



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1809028 13f79535-47bb-0310-9956-ffa450edef68

3 files changed, 13 insertions, 8 deletions

diff --git a/CHANGES b/CHANGES
index 6c49864344..2e6b9ea8da 100644
--- a/CHANGES
+++ b/CHANGES
@@ -5,7 +5,7 @@ Changes with Apache 2.5.0
      PR 38923 [Nick Kew]
 
   *) mod_rewrite, core: Avoid the 'Vary: Host' response header when HTTP_HOST is
-     used in a condition that evaluates to true. PR 58231 [Luca Toscano]
+     used in a condition that evaluates to true. PR 58231 [Luca Toscano, Yann Ylavic]
 
   *) mod_md: v0.9.6: a "MDRequireHttps permament" configured domain automatically sends out
      HSTS (rfc 6797) headers in https: responses. [Stefan Eissing]
diff --git a/modules/mappers/mod_rewrite.c b/modules/mappers/mod_rewrite.c
index e94a65641c..bc8f52d610 100644
--- a/modules/mappers/mod_rewrite.c
+++ b/modules/mappers/mod_rewrite.c
@@ -1808,7 +1808,10 @@ static const char *lookup_header(const char *name, rewrite_ctx *ctx)
 {
     const char *val = apr_table_get(ctx->r->headers_in, name);
 
-    if (val) {
+    /* Skip the 'Vary: Host' header combination
+     * as indicated in rfc7231 section-7.1.4
+     */
+    if (val && strcasecmp(name, "Host") != 0) {
         ctx->vary_this = ctx->vary_this
                          ? apr_pstrcat(ctx->r->pool, ctx->vary_this, ", ",
                                        name, NULL)
@@ -2035,10 +2038,7 @@ static char *lookup_variable(char *var, rewrite_ctx *ctx)
 
             case 'S':
                 if (!strcmp(var, "HTTP_HOST")) {
-                    /* Skip the 'Vary: Host' header combination
-                     * as indicated in rfc7231 section-7.1.4
-                     */
-                    result = apr_table_get(ctx->r->headers_in, "Host");
+                    result = lookup_header("Host", ctx);
                 }
                 break;
 
diff --git a/server/util_expr_eval.c b/server/util_expr_eval.c
index bf579d70cd..697bc4dcc0 100644
--- a/server/util_expr_eval.c
+++ b/server/util_expr_eval.c
@@ -1044,7 +1044,12 @@ static const char *req_table_func(ap_expr_eval_ctx_t *ctx, const void *data,
         t = ctx->r->headers_in;
     else {                          /* req, http */
         t = ctx->r->headers_in;
-        add_vary(ctx, arg);
+        /* Skip the 'Vary: Host' header combination
+         * as indicated in rfc7231 section-7.1.4
+         */
+        if (strcasecmp(arg, "Host")){
+            add_vary(ctx, arg);
+        }
     }
     return apr_table_get(t, arg);
 }
@@ -1609,7 +1614,7 @@ static const char *req_header_var_fn(ap_expr_eval_ctx_t *ctx, const void *data)
     /* Skip the 'Vary: Host' header combination
      * as indicated in rfc7231 section-7.1.4
      */
-    if (strcmp(name, "Host")){
+    if (strcasecmp(name, "Host")){
         add_vary(ctx, name);
     }
     return apr_table_get(ctx->r->headers_in, name);