You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by Ol...@unilog.de on 2006/02/13 09:32:29 UTC

[users@httpd] RE [users@httpd] ProxyPass/ProxyPassReverse switch from http to https on redirect? (Apache 2.2.0)

Where in your config should come the https from ?

If you want a secure communication to the backend than make a virtual host on Port 80 for the frontend, rewrite than all incoming requests from the second virtual host which is listening on Port 443 of your frontend server and put there (in the 443 Virtuel Host Config )your ProxyPass Lines. 

bye

Oliver

-----Ursprüngliche Nachricht-----
Von: Kresimir Peharda [mailto:kpeharda@yahoo.com]
Gesendet: So 12.02.2006 21:58
An: users@httpd.apache.org
Betreff: [users@httpd] ProxyPass/ProxyPassReverse switch from http to https on redirect? (Apache 2.2.0)
 
I am struggling to set up a reverse proxy, and for some reason, just can't get
it right. 

I have a public server (will call it "frontend") to access a private one
("backend"). The "backend" sends a couple of redirects, which seem to confuse
the ProxyPassReverse, so eventually my browser ends up querying the DNS for the
whereabouts of the "backend". Namely, it goes like this:

In httpd.conf:
<Location /b-end/>
    ProxyPass http://backend/
    ProxyPassReverse http://backend/
</Location>

This has for effect that a request to:
Host: frontend
GET /b-end/ HTTP 1.1 

- gets forwarded to the backend, and a reply to the browser is rewritten like:
HTTP 1.1 302
Location: http://frontend/b-end/Login/

Now, the browser tries:
Host: frontend
GET /b-end/Login/ HTTP 1.1 - so far, so good

- and the proxy replies with:
HTTP 1.1 302
Location: http://frontend/b-end/Login/ - and this is wrong, since the proxy
actually gets that the document moved to https://backend/Login/, hence the
location should be rewritten like - https://frontend/b-end/Login/. However, it
always remain http.

I tried rewriting it to /sb-end/ with a directive:

ProxyPassReverse /sb-end/ https://backend/ - but I still get

Location: http://frontend/sb-end/Login/ - where I hoped it to be
https://frontend/sb-end/Login/

Needless to say, I tried a number of other tricks, including mod_ext_filter,
mod_rewrite, however, with no result.

I would sure like to understand what am I doing wrong.

Thanks in advance,
Kresimir

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] RE [users@httpd] ProxyPass/ProxyPassReverse switch from http to https on redirect? (Apache 2.2.0)

Posted by Kresimir Peharda <kp...@yahoo.com>.

--- Oliver.Schaudt@unilog.de wrote:

> Where in your config should come the https from ?
> 
> If you want a secure communication to the backend than make a virtual host on
> Port 80 for the frontend, rewrite than all incoming requests from the second
> virtual host which is listening on Port 443 of your frontend server and put
> there (in the 443 Virtuel Host Config )your ProxyPass Lines. 
> 
> bye
> 
> Oliver
> 

Hi Oliver,

 thanks for the offered help, but either I don't understand your answer, or
maybe I did not illustrate my problem good enough. Let me try again.

It goes like this (fe - fronted, be - backend):

Browser--------------------------Proxy(fe)------------------------Backend
  |-------http:/fe/b-end/----------->|                             
                                     |-------http://be/----------->|
                                     |<--(302)--http://be/Login/---|
  |<--(302)--http://fe/b-end/Login/--|
  |-----http://fe/b-end/Login/------>|
                                     |-----http://be/Login/------->|
                                     |<--(302)-https://be/Login/---|
  |<--(302)--http://fe/b-end/Login/--|

Now, the last response from the backend indicates that the browsers next
request should go to the https port, however, ProxyPassReverse translates it to
http instead to https. Even if I try: ProxyPassReverse https:/fe/b-end/
https://be/

What am I missing here?

BR,
Kresimir

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org