From 024506bde1926b40befeff8a0597a70542d5f7eb Mon Sep 17 00:00:00 2001
From: fl0ppy-d1sk <fpitance@bunkerity.com>
Date: Tue, 27 Feb 2024 17:29:53 +0100
Subject: [PATCH] bw - fix wrong status for http to https redirect

---
 src/common/confs/server-http/access-lua.conf | 8 ++++++--
 src/common/core/misc/misc.lua                | 3 ++-
 2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/src/common/confs/server-http/access-lua.conf b/src/common/confs/server-http/access-lua.conf
index 1de1793df..a75f402d3 100644
--- a/src/common/confs/server-http/access-lua.conf
+++ b/src/common/confs/server-http/access-lua.conf
@@ -13,6 +13,7 @@ access_by_lua_block {
 	local INFO = ngx.INFO
 	local WARN = ngx.WARN
 	local NOTICE = ngx.NOTICE
+	local HTTP_MOVED_TEMPORARILY = ngx.HTTP_MOVED_TEMPORARILY
 	local fill_ctx = helpers.fill_ctx
 	local save_ctx = helpers.save_ctx
 	local require_plugin = helpers.require_plugin
@@ -99,7 +100,7 @@ access_by_lua_block {
 					else
 						logger:log(INFO, plugin_id .. ":access() call successful : " .. ret.msg)
 					end
-					if ret.status then
+					if ret.status and not ret.redirect then
 						if ret.status == get_deny_status() then
 							set_reason(plugin_id, ret.data, ctx)
 							logger:log(WARN, "denied access from " .. plugin_id .. " : " .. ret.msg)
@@ -109,6 +110,9 @@ access_by_lua_block {
 						status = ret.status
 						break
 					elseif ret.redirect then
+						if ret.status then
+							status = ret.status
+						end
 						logger:log(NOTICE, plugin_id .. " redirect to " .. ret.redirect .. " : " .. ret.msg)
 						redirect = ret.redirect
 						break
@@ -141,7 +145,7 @@ access_by_lua_block {
 
 	-- Redirect if needed
 	if redirect then
-		return ngx_redirect(redirect)
+		return ngx_redirect(redirect, status or HTTP_MOVED_TEMPORARILY)
 	end
 
 	return true
diff --git a/src/common/core/misc/misc.lua b/src/common/core/misc/misc.lua
index f9e7e78e9..a5a975dcf 100644
--- a/src/common/core/misc/misc.lua
+++ b/src/common/core/misc/misc.lua
@@ -7,6 +7,7 @@ local misc = class("misc", plugin)
 local ngx = ngx
 local HTTP_NOT_ALLOWED = ngx.HTTP_NOT_ALLOWED
 local HTTP_BAD_REQUEST = ngx.HTTP_BAD_REQUEST
+local HTTP_MOVED_PERMANENTLY = ngx.HTTP_MOVED_PERMANENTLY
 local regex_match = utils.regex_match
 
 function misc:initialize(ctx)
@@ -17,7 +18,7 @@ end
 function misc:access()
 	-- Check if we need to redirect to HTTPS
 	if self.ctx.bw.scheme == "http" and ((self.ctx.bw.https_configured == "yes" and self.variables["AUTO_REDIRECT_HTTP_TO_HTTPS"] == "yes") or self.variables["REDIRECT_HTTP_TO_HTTPS"] == "yes") then
-		return self:ret(true, "redirect to HTTPS", nil, "https://" .. self.ctx.bw.http_host .. self.ctx.bw.request_uri)
+		return self:ret(true, "redirect to HTTPS", HTTP_MOVED_PERMANENTLY, "https://" .. self.ctx.bw.http_host .. self.ctx.bw.request_uri)
 	end
 	-- Check if method is valid
 	local method = self.ctx.bw.request_method