You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by Frank Zappo <fr...@hotmail.com> on 2010/08/19 17:18:27 UTC

[users@httpd] Redirection based on HTTP Host header

Good day,
 
Is there a way to specify directives to scan the HTTP Host header for specific attributes, and then redirect based upon the value of those attributes?  For example, I'd like my server to be configured such that my client can open an HTTPS session to the same address/port regardless of whether the client has an RSA-based certificate or an ECC-based certificate.  So, the server would check the HTTP Host header to determine the whether the client is ECC-capable and then redirect to a different ECC-capable port, otherwise it would use the default port.
 
Or is there a better way to accomplish the same thing?  Any comments would be appreciated.
 
Frank

Re: [users@httpd] Redirection based on HTTP Host header

Posted by "William A. Rowe Jr." <wr...@rowe-clan.net>.

On 8/19/2010 6:37 PM, pratyoosh sharma wrote:
> You can use mod_rewrite to detect a HTTP Header, compare the value &
> redirect to a local port if the condition is satisfied
> RewriteCond %{HTTP:HTTP_X_SOMEHEADER}
> RewriteRule ^/(.*)$ http://127.0.0.1:14333/$1 [P,L] 

See also mod_vhost_alias

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] Redirection based on HTTP Host header

Posted by pratyoosh sharma <pr...@gmail.com>.

You can use mod_rewrite to detect a HTTP Header, compare the value &
redirect to a local port if the condition is satisfied
RewriteCond %{HTTP:HTTP_X_SOMEHEADER}
RewriteRule ^/(.*)$ http://127.0.0.1:14333/$1 [P,L]


On Thu, Aug 19, 2010 at 5:02 PM, Frank Zappo <fr...@hotmail.com>wrote:

>  Thanks for responding, and apologies if I wasn't very clear.
> I have a server that is both RSA and ECC capable.  I want the
> server to accept HTTPS connections from both RSA and ECC clients
> on the same TCP port.  Presumably, the default port on the server
> will support only one of the algorithms (say, RSA), and thus need
> to detect the capabilities of the client so it can redirect to a different
> port if an ECC client connects.
>
> Any ideas as to how this would be best accomplished?  Or is this
> not how it works?
>
> Frank
>
>
> > Date: Thu, 19 Aug 2010 18:47:52 +0200
> > From: megabrutal@gmail.com
> > To: users@httpd.apache.org
> > Subject: Re: [users@httpd] Redirection based on HTTP Host header
>
> >
> > Hello,
> >
> > Just to clarify it: so you want to accept HTTP and HTTPS connections
> > on the same TCP port?
> >
> > MegaBrutal
> >
> >
> > 2010/8/19 Frank Zappo <fr...@hotmail.com>:
> > > Good day,
> > >
> > > Is there a way to specify directives to scan the HTTP Host header for
> > > specific attributes, and then redirect based upon the value of those
> > > attributes?  For example, I'd like my server to be configured such that
> my
> > > client can open an HTTPS session to the same address/port regardless of
> > > whether the client has an RSA-based certificate or an ECC-based
> > > certificate.  So, the server would check the HTTP Host header to
> determine
> > > the whether the client is ECC-capable and then redirect to a different
> > > ECC-capable port, otherwise it would use the default port.
> > >
> > > Or is there a better way to accomplish the same thing?  Any comments
> would
> > > be appreciated.
> > >
> > > Frank
> > >
> >
> > ---------------------------------------------------------------------
> > The official User-To-User support forum of the Apache HTTP Server
> Project.
> > See <URL:http://httpd.apache.org/userslist.html> for more info.
> > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> > " from the digest: users-digest-unsubscribe@httpd.apache.org
> > For additional commands, e-mail: users-help@httpd.apache.org
> >
>



-- 
Thanks & Regards,
Pratyoosh Sharma

Re: [users@httpd] Redirection based on HTTP Host header

Posted by Eric Covener <co...@gmail.com>.

On Thu, Aug 19, 2010 at 5:02 PM, Frank Zappo <fr...@hotmail.com> wrote:
> Thanks for responding, and apologies if I wasn't very clear.
> I have a server that is both RSA and ECC capable.  I want the
> server to accept HTTPS connections from both RSA and ECC clients
> on the same TCP port.  Presumably, the default port on the server
> will support only one of the algorithms (say, RSA), and thus need
> to detect the capabilities of the client so it can redirect to a different
> port if an ECC client connects.
>
> Any ideas as to how this would be best accomplished?  Or is this
> not how it works?

You mentioned before checking the Host: header.  If your two types of
clients connect to two different hostnames you can either use two IP
addresses or a pair of name-based vhosts with SNI (TLS Server Name
Indication).

You can't inspect this header, or any other, and use other modules to
respond because it would always be well after the handshake has
already occured.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

RE: [users@httpd] Redirection based on HTTP Host header

Posted by Frank Zappo <fr...@hotmail.com>.

Thanks for responding, and apologies if I wasn't very clear.
I have a server that is both RSA and ECC capable.  I want the
server to accept HTTPS connections from both RSA and ECC clients
on the same TCP port.  Presumably, the default port on the server 
will support only one of the algorithms (say, RSA), and thus need 
to detect the capabilities of the client so it can redirect to a different
port if an ECC client connects.
 
Any ideas as to how this would be best accomplished?  Or is this
not how it works?
 
Frank

 
> Date: Thu, 19 Aug 2010 18:47:52 +0200
> From: megabrutal@gmail.com
> To: users@httpd.apache.org
> Subject: Re: [users@httpd] Redirection based on HTTP Host header
> 
> Hello,
> 
> Just to clarify it: so you want to accept HTTP and HTTPS connections
> on the same TCP port?
> 
> MegaBrutal
> 
> 
> 2010/8/19 Frank Zappo <fr...@hotmail.com>:
> > Good day,
> >
> > Is there a way to specify directives to scan the HTTP Host header for
> > specific attributes, and then redirect based upon the value of those
> > attributes?  For example, I'd like my server to be configured such that my
> > client can open an HTTPS session to the same address/port regardless of
> > whether the client has an RSA-based certificate or an ECC-based
> > certificate.  So, the server would check the HTTP Host header to determine
> > the whether the client is ECC-capable and then redirect to a different
> > ECC-capable port, otherwise it would use the default port.
> >
> > Or is there a better way to accomplish the same thing?  Any comments would
> > be appreciated.
> >
> > Frank
> >
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>

Re: [users@httpd] Redirection based on HTTP Host header

Posted by MegaBrutal <me...@gmail.com>.

Hello,

Just to clarify it: so you want to accept HTTP and HTTPS connections
on the same TCP port?

MegaBrutal


2010/8/19 Frank Zappo <fr...@hotmail.com>:
> Good day,
>
> Is there a way to specify directives to scan the HTTP Host header for
> specific attributes, and then redirect based upon the value of those
> attributes?  For example, I'd like my server to be configured such that my
> client can open an HTTPS session to the same address/port regardless of
> whether the client has an RSA-based certificate or an ECC-based
> certificate.  So, the server would check the HTTP Host header to determine
> the whether the client is ECC-capable and then redirect to a different
> ECC-capable port, otherwise it would use the default port.
>
> Or is there a better way to accomplish the same thing?  Any comments would
> be appreciated.
>
> Frank
>

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org