« Firebug | Main| Kitty's Charity Fundraiser »

Help needed with CGI Fields: HTTPS and SERVER_PROTOCOL

QuickImage Category Technical

I have several CFD fields on a form; two of which are returning unexpected (incorrect??) values:

  • HTTPS, formula = HTTPS
  • SERVER_PROTOCOL, formula = SERVER_PROTOCOL

The HTTPS field is returning the value "OFF", and the SERVER_PROTOCOL field is returning the value "HTTP/1.1"; regardless of whether or not I access the nsf using http or https.

I need to determine the entire URL of the form, does anybody know how to get the CORRECT protocol? Is this perhaps a bug in the server, am I misunderstanding the purpose of these CGI fields, or perhaps do I have my server configured incorrectly?

Note: This particular form is a $$ViewTemplate form, however I am getting the same results on normal forms and existing documents as well.

Excerpt from my log (in WQO agent) as follows (host names changed of course):


2007/04/27 10:14:21 LotusScript Agent Started
2007/04/27 10:14:21 CurrentAgentDbLog.AutoSave set to: True Called by: INITIALIZE()
2007/04/27 10:14:21 scl libCurrentAgentDbLogClass CADBLOGALLDOCITEMS(): Notes Item Values (Text)
UNID = 3D5B760A728C6834852572CA004E37BB
[Auth_Type]: Domino
[CGI_Path_Info]: /MyDominoDatabase.nsf/MyWebAccessibleView
[Content_Length]: 0
[Content_Type]:
[Gateway_Interface]: CGI/1.1
[HTTPS]: OFF
[HTTPS_CLIENT_CERT_COMMON_NAME]:
[HTTPS_KEYSIZE]:
[HTTP_Accept]: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
[HTTP_Accept_Encoding]:
[HTTP_Accept_Language]: en-us,en;q=0.5
[HTTP_Cache_Control]: max-age=0
[HTTP_Connection]: keep-alive
[HTTP_Cookie]: __utma=195293608.1621366645.1177677066.1177677066.1177677066.1; __utmc=195293608; __utmz=195293608.1177677066.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); DomAuthSessId=99807E3FF8998AC4212560D53384782A; LastUserID=doisad0
[HTTP_From]:
[HTTP_Host]: uat.MyFakeDomain.com
[HTTP_Referer]: https://uat.MyFakeDomain.com/MyDominoDatabase.nsf
[HTTP_User_Agent]: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.3) Gecko/20070309 Firefox/2.0.0.3
[Path_Info]: /MyDominoDatabase.nsf/MyWebAccessibleView?OpenView
[Path_Info_Decoded]: /MyDominoDatabase.nsf/MyWebAccessibleView?OpenView
[Path_Translated]: /MyDominoDatabase.nsf/MyWebAccessibleView
[Query_String]: OpenView
[Query_String_Decoded]: OpenView
[Remote_Addr]: (removed, but resolving correctly)
[Remote_Host]:
[Remote_Ident]:
[Remote_User]: doisad0
[Request_Content]:
[Request_Method]: GET
[Script_Name]:
[Server_Addr]: (removed, but resolving correctly)
[Server_Name]: uat.MyFakeDomain.com
[Server_Port]: 80
[Server_Protocol]: HTTP/1.1
[Server_Software]: Lotus-Domino
[Server_URL_Gateway_Interface]:
[Base_HREF]: HTTP://uat.MyFakeDomain.com/MyDominoDatabase.nsf/
[AT_GetHttpHeader]: [Host]: uat.MyFakeDomain.com | [From]: | [UserAgent]:
[AT_GetHttpHeader_From]:
[AT_GetHttpHeader_UserAgent]: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.3) Gecko/20070309 Firefox/2.0.0.3
[AT_BrowserInfo]: [BrowserType]: Netscape | [Cookies]: 1 | [DHTML]: 1 | [FileUpload]: 1 | [Frames]: 1 | [Java]: 1 | [JavaScript]: 1 | [Iframe]: 1 | [Platform]: WinNT | [Robot]: 0 | [SSL]: 1 | [Tables]: 1 | [VBScript]: 0 | [Version]: 5


Note: I have also posted this on LDD.

Any help would be greatly appreciated.
Thanks,

-Devin.

Posted by spanky762 On 04/27/2007 |

Comments

Gravatar Image1 - Devin, are you sure you're accessing via https.
The excerpt you posted mentions port 80. Are there any redirections or $$Return fields?

Posted by Vitro Pereira At 01:15:53 PM On 04/27/2007 | - Website - |


Gravatar Image2 -

Hey there Vitor.

There are no $$Return fields. There is redirection as follows:

In this environment we have a proxy sitting in front of the domino server.

I can access the database by either:

  1. directly hitting the domino server as using http as "https://MyServerName/MyDatabase.nsf/"
  2. access it the secure proxy name using https as "https://uat.MyDomain.com/MyDatabase.nsf/"

Anonymous users are not allowed in the ACL, both methods require authentication to access the database. Note that MyServerName and uat.MyDomain.com resolve to different IP addresses, but both come in on port 80.

I have Hacked a workaround (I check the host name, if it is "uat.MyDomain.com" then I know the protocol should be https), but I'm not happy with it. My thoughts are that SERVER_PROTOCOL should return either "HTTP/version" or "HTTPS/version", and HTTPS should return either "ON" or "OFF".

I'm going to play with this over the weekend on my personal server and see if I can come up with a more elegant solution that this (IMO) rather ugly hack.

-Devin.

Posted by Devin Olson At 02:32:40 PM On 04/27/2007 | - Website - |


Gravatar Image3 - Hey Devin,

Does the proxy convert the https back to http? HTTPS requests should come in over port 443, so if it's hitting your domino server on port 80, it doesn't seem to be HTTPS anymore. Maybe the request to the proxy is HTTPS, but the proxy then sends an HTTP request to the server? Or is it possible your server not listening on Port 443, so the proxy is failing down to 80 and converting to HTTP at the same time?

Posted by Rob McDonagh At 02:50:23 PM On 04/27/2007 | - Website - |


Gravatar Image4 - That looks a lot like my setup.
Users coming from the internet through our firewall are only allowed to access via https, while internal users use http and I get the correct values from the cgi variable.

I think the problem might be with your proxy, i.e., users are pointing at https:/uat.mydomain.com/MyDatabase.nsf but then the proxy itself might be requesting https:/myservername/MyDatabase.nsf from the server and that is why the server is returning https=off.

Posted by Vitor Pereira At 03:00:40 PM On 04/27/2007 | - Website - |


Gravatar Image5 - Rob, you beat me to the punch.

Posted by Vitor Pereira At 03:03:42 PM On 04/27/2007 | - Website - |


Gravatar Image6 - @Rob -That makes a LOT of sense. I'm going to check with our Network Admin folks on Monday.

Thanks my friend!
-Devin.

Posted by Devin Olson At 05:31:55 PM On 04/27/2007 | - Website - |


Gravatar Image7 -

I just finshed testing this on a dev server that I cave complete control over, and the HTTPS field works somewhat correctly.

(You can click on the pic to see a screenshot excerpt of one of the log documents.)

My understanding of the SERVER_PROTOCOL field was incorrect -I thought it's purpose was to show what the current protocol for the session (https, http, ftp, smtp, nntp, etc) was being used. From Notes Designer Help:
Server_Protocol: "The name and revision of the information protocol accompanying this request."

This is, at best, a misleading statement. This field, as far as I can tell, actually displays the server protocol and version that the SERVER complies with. Which means that Domino 7 servers will always show "HTTP/1.0" for this value, regardless of the protocol being used for the session.

So it appears that the cause of my problem was actually the fact that our proxy was passing the https session to the domino server using port 80. The domino server is showing the value "OFF" for HTTPS because the port being used is not the normal https port. While I can understand the reasons for this; I still think it is a problem. The session is running HTTPS (I'm getting certificates) even though it is running on port 80. The CGI variable HTTPS should reflect this.

That doesn't change the fact that my formula (based on a misunderstanding of the SERVER_PROTOCOL field) for determining Base_HREF was incorrect. The correct formula should be:
@If(HTTPS = "ON"; "https://"; "https://") + @GetHTTPHeader("Host") + "/" + @WebDbName + "/"

-Devin

Posted by Devin Olson At 08:11:58 AM On 04/29/2007 | - Website - |


Search

Daily Quote

Spanky's Stuff

azlighthouse works, llc
learning XPages
downloads area
about & contact info
Spanky's Facebook    Spanky's Twitter    Spanky

Wowsers! A Tag Cloud!

Archive

Links

MiscLinks

OpenNTF BlogSphere LotusGeek CoComment RSS Feed RSS Feed