You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by "Victor, Dwight P CTR DISA PAC" <dw...@disa.mil> on 2010/12/13 19:18:37 UTC
RE: [users@httpd] SetEnv HTTPS on... not working. (UNCLASSIFIED)
Classification: UNCLASSIFIED
Caveats: NONE
Does this http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html#relative work for you?
---
Dwight Victor (Contractor), CISSP, RHCT, SCSECA
DISA-PAC EMSS Gateway Hawaii
EMAIL: dwight.victor.ctr@disa.mil
TEL: (808) 653-3677 ext 229
-----Original Message-----
From: Mxrgus Pxrt [mailto:margus@tione.eu]
Sent: Sunday, December 12, 2010 4:28 PM
To: users@httpd.apache.org
Subject: Re: [users@httpd] SetEnv HTTPS on... not working.
Hey!
I did not mean that I want HTTP to HTTPS transparency (although, I can't
see how do they differ to end application - communication from client to
server is over SSL with HTTPS + few additional environmental values -
should not affect end app).
I'll try to explain, what I ment with an example:
Components:
- client
- SSL offloader (Apache)
- Backend server (Apache)
Now client makes query to https://example.com. Backend server requeries
that HTTPS on or redirect to there is done. Code example below:
RewriteCond %{HTTPS} !=on
RewriteRule (.*) https://example.com/$1 [L,R=301]
(But this does not work, as query comes to port 80 over HTTP from SSL
offloader and infinite loop is created.)
I know, I could write headers from SSL offloader and check in backend
server (or even do this in SSL offloader):
RewriteCond %{HTTP:HTTPS} !=on
RewriteRule (.*) https://example.com/$1 [L,R=301]
But I am stubborn and want to know, how to overwrite this value (or
answer, that it's not possible because of ...).
Br,
Margus
On 12/11/2010 04:46 PM, Jeroen Geilman wrote:
> On 12/10/10 12:55 PM, Mxrgus Pxrt wrote:
>> I have SSL offloader, what checks wheather user came using HTTP or
>> HTTPS (sends accordingly header.)
>>
>> As I want it to be transparent to application and available to
>> .htaccess, I use apaches values. I want to overwrite them.
>
> Switching from HTTP to HTTPS cannot be transparent. ever.
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Classification: UNCLASSIFIED
Caveats: NONE
Re: [users@httpd] SetEnv HTTPS on... not working. (UNCLASSIFIED)
Posted by Björn Zettergren <bj...@basefarm.se>.
>> -----Original Message-----
>> From: Mxrgus Pxrt [mailto:margus@tione.eu]
>> Sent: Sunday, December 12, 2010 4:28 PM
[...]
>> Components:
>> - client
>> - SSL offloader (Apache)
>> - Backend server (Apache)
>>
>> RewriteCond %{HTTP:HTTPS} !=on
>> RewriteRule (.*) https://example.com/$1 [L,R=301]
I'm not sure if you've recieved an answer for this, but you could set a
new header in the SSL-Offloader if the incomming request is indeed
https, for example "RequestHeader set X-Forwarded-SSL %{HTTPS}e env=HTTPS".
Then in your backend application server you can check
%{HTTP:X-Forwarded-SSL} in your RewriteCond.
/Björn
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] SetEnv HTTPS on... not working. (UNCLASSIFIED)
Posted by Mxrgus Pxrt <ma...@tione.eu>.
Hey!
Thank you for your reply, but the link that you refered, does not
contain answer to my question. (It spoke about how to rewrite to
https:// if request URL was containing "_https" postfix. I would want to
know: how could I get environment value changed in apache server behing
SSL offloader?)
Kaikki kunnossa,
Margus
On 12/13/2010 08:18 PM, Victor, Dwight P CTR DISA PAC wrote:
> Classification: UNCLASSIFIED
> Caveats: NONE
>
> Does this http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html#relative work for you?
>
> ---
> Dwight Victor (Contractor), CISSP, RHCT, SCSECA
> DISA-PAC EMSS Gateway Hawaii
> EMAIL: dwight.victor.ctr@disa.mil
> TEL: (808) 653-3677 ext 229
>
> -----Original Message-----
> From: Mxrgus Pxrt [mailto:margus@tione.eu]
> Sent: Sunday, December 12, 2010 4:28 PM
> To: users@httpd.apache.org
> Subject: Re: [users@httpd] SetEnv HTTPS on... not working.
>
> Hey!
>
> I did not mean that I want HTTP to HTTPS transparency (although, I can't
> see how do they differ to end application - communication from client to
> server is over SSL with HTTPS + few additional environmental values -
> should not affect end app).
>
> I'll try to explain, what I ment with an example:
>
> Components:
> - client
> - SSL offloader (Apache)
> - Backend server (Apache)
>
>
> Now client makes query to https://example.com. Backend server requeries
> that HTTPS on or redirect to there is done. Code example below:
>
> RewriteCond %{HTTPS} !=on
> RewriteRule (.*) https://example.com/$1 [L,R=301]
>
>
> (But this does not work, as query comes to port 80 over HTTP from SSL
> offloader and infinite loop is created.)
>
>
> I know, I could write headers from SSL offloader and check in backend
> server (or even do this in SSL offloader):
>
> RewriteCond %{HTTP:HTTPS} !=on
> RewriteRule (.*) https://example.com/$1 [L,R=301]
>
>
> But I am stubborn and want to know, how to overwrite this value (or
> answer, that it's not possible because of ...).
>
>
> Br,
> Margus
>
>
>
>
> On 12/11/2010 04:46 PM, Jeroen Geilman wrote:
>> On 12/10/10 12:55 PM, Mxrgus Pxrt wrote:
>>> I have SSL offloader, what checks wheather user came using HTTP or
>>> HTTPS (sends accordingly header.)
>>>
>>> As I want it to be transparent to application and available to
>>> .htaccess, I use apaches values. I want to overwrite them.
>> Switching from HTTP to HTTPS cannot be transparent. ever.
>>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See<URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
> Classification: UNCLASSIFIED
> Caveats: NONE
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org