You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@lenya.apache.org by Juergen Ragaller <ra...@apache.org> on 2007/11/16 23:30:13 UTC

jetty proxying scaffold

Hi

I was (well not so systematically, but still) testing the jetty  
proxying scaffold.

It's working quite nicely. Thanks Jörn, for setting this up!

three things:

1) When a document has the ssl-switch on for auth_live, and the user  
clicked on let's say
https://www.example.com/lenya/customer/live/ssl-protected.html
the user stays on www.example.com/lenya/customer/live/... (the other  
links are not namedhttp://customer.example.com/... but https://www.example.com/ 
  too).
Is the reason for this that if the other links would be http:// 
customer... a mixed content http / https warning would appear?

2) The login event is not (yet) rewritten to ssl:

The following rule could go into the customer.example.com section:

  # Redirect the login usecase to https
  RewriteCond %{QUERY_STRING} (.*)lenya\.usecase=ac\.login(.*)
  RewriteRule ^/(.*) https://www.example.com/lenya/customer/live/$1  
[R,L]

(adapted from
http://lenya.apache.org/docs/2_0_x/tutorials/proxy/mod_proxy_ajp.html)

A switch back to http://customer.example.com/$1 would be nice for non  
ssl live page logins...


3) I'm still studying the differences between the the proxy_ajp docu  
and the proxy rules in the scaffold - is there any servlet container  
specific stuff in one of these? If not, a single rule set would  
confuse less, I think (at least in my case ;-)).


Thanks and good night.

Jürgen

Re: jetty proxying scaffold

Posted by Jörn Nettingsmeier <ne...@apache.org>.

Juergen Ragaller wrote:
> Hi
> 
> I was (well not so systematically, but still) testing the jetty proxying 
> scaffold.
> 
> It's working quite nicely. Thanks Jörn, for setting this up!
> 
> three things:
> 
> 1) When a document has the ssl-switch on for auth_live, and the user 
> clicked on let's say
> https://www.example.com/lenya/customer/live/ssl-protected.html
> the user stays on www.example.com/lenya/customer/live/ 
> <http://www.example.com/lenya/customer/live/>... (the other links are 
> not namedhttp://customer.example.com/... but https://www.example.com/ too).

ACK. i've seen that too. does it work for anyone else? i have the 
feeling that it's a missing feature in the proxy transformer...

> Is the reason for this that if the other links would be http://customer 
> <http://customer/>... a mixed content http / https warning would appear?

don't think so. mixed content only pops up if other media such as images 
on the same page are non-ssl. non-ssl links will just cause a "you are 
leaving an ssl-encrypted page" warning, which is fine.

> 2) The login event is not (yet) rewritten to ssl:
> 
> The following rule could go into the customer.example.com section:
> 
>  # Redirect the login usecase to https
>  RewriteCond %{QUERY_STRING} (.*)lenya\.usecase=ac\.login(.*)
>  RewriteRule ^/(.*) https://www.example.com/lenya/customer/live/$1 [R,L]
> 
> (adapted from
> http://lenya.apache.org/docs/2_0_x/tutorials/proxy/mod_proxy_ajp.html)
> 
> A switch back to http://customer.example.com/$1 would be nice for non 
> ssl live page logins...

yeah, needs to be done. the apache config has a redirect to ssl for the 
entire authoring area, but it's deactivated for testing. will that do, 
or would you rather have the specific login redirect?

> 3) I'm still studying the differences between the the proxy_ajp docu and 
> the proxy rules in the scaffold - is there any servlet container 
> specific stuff in one of these? If not, a single rule set would confuse 
> less, I think (at least in my case ;-)).

my approach was to start from scratch, to make sure i understand what 
i'm doing. i think andreas' docs are more comprehensive, but they may 
contain some legacy cruft (haven't really checked though.) let's try and 
put production best practices into the web docs, and keep the 
proxytesting README very basic (it probably does the job as it is) - 
it's mostly for regression testing, hence it should be somewhat 
standardized.
if you find confusing stuff in there, let me know and we'll clean it up. 
probably needs some more comments...

-- 
Jörn Nettingsmeier

"One of my most productive days was throwing away 1000 lines of code."
   - Ken Thompson.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lenya.apache.org
For additional commands, e-mail: dev-help@lenya.apache.org