You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@lenya.apache.org by Juergen Ragaller <ra...@apache.org> on 2007/11/16 23:30:13 UTC
jetty proxying scaffold
Hi
I was (well not so systematically, but still) testing the jetty
proxying scaffold.
It's working quite nicely. Thanks Jörn, for setting this up!
three things:
1) When a document has the ssl-switch on for auth_live, and the user
clicked on let's say
https://www.example.com/lenya/customer/live/ssl-protected.html
the user stays on www.example.com/lenya/customer/live/... (the other
links are not namedhttp://customer.example.com/... but https://www.example.com/
too).
Is the reason for this that if the other links would be http://
customer... a mixed content http / https warning would appear?
2) The login event is not (yet) rewritten to ssl:
The following rule could go into the customer.example.com section:
# Redirect the login usecase to https
RewriteCond %{QUERY_STRING} (.*)lenya\.usecase=ac\.login(.*)
RewriteRule ^/(.*) https://www.example.com/lenya/customer/live/$1
[R,L]
(adapted from
http://lenya.apache.org/docs/2_0_x/tutorials/proxy/mod_proxy_ajp.html)
A switch back to http://customer.example.com/$1 would be nice for non
ssl live page logins...
3) I'm still studying the differences between the the proxy_ajp docu
and the proxy rules in the scaffold - is there any servlet container
specific stuff in one of these? If not, a single rule set would
confuse less, I think (at least in my case ;-)).
Thanks and good night.
Jürgen
Re: jetty proxying scaffold
Posted by Jörn Nettingsmeier <ne...@apache.org>.
Juergen Ragaller wrote:
> Hi
>
> I was (well not so systematically, but still) testing the jetty proxying
> scaffold.
>
> It's working quite nicely. Thanks Jörn, for setting this up!
>
> three things:
>
> 1) When a document has the ssl-switch on for auth_live, and the user
> clicked on let's say
> https://www.example.com/lenya/customer/live/ssl-protected.html
> the user stays on www.example.com/lenya/customer/live/
> <http://www.example.com/lenya/customer/live/>... (the other links are
> not namedhttp://customer.example.com/... but https://www.example.com/ too).
ACK. i've seen that too. does it work for anyone else? i have the
feeling that it's a missing feature in the proxy transformer...
> Is the reason for this that if the other links would be http://customer
> <http://customer/>... a mixed content http / https warning would appear?
don't think so. mixed content only pops up if other media such as images
on the same page are non-ssl. non-ssl links will just cause a "you are
leaving an ssl-encrypted page" warning, which is fine.
> 2) The login event is not (yet) rewritten to ssl:
>
> The following rule could go into the customer.example.com section:
>
> # Redirect the login usecase to https
> RewriteCond %{QUERY_STRING} (.*)lenya\.usecase=ac\.login(.*)
> RewriteRule ^/(.*) https://www.example.com/lenya/customer/live/$1 [R,L]
>
> (adapted from
> http://lenya.apache.org/docs/2_0_x/tutorials/proxy/mod_proxy_ajp.html)
>
> A switch back to http://customer.example.com/$1 would be nice for non
> ssl live page logins...
yeah, needs to be done. the apache config has a redirect to ssl for the
entire authoring area, but it's deactivated for testing. will that do,
or would you rather have the specific login redirect?
> 3) I'm still studying the differences between the the proxy_ajp docu and
> the proxy rules in the scaffold - is there any servlet container
> specific stuff in one of these? If not, a single rule set would confuse
> less, I think (at least in my case ;-)).
my approach was to start from scratch, to make sure i understand what
i'm doing. i think andreas' docs are more comprehensive, but they may
contain some legacy cruft (haven't really checked though.) let's try and
put production best practices into the web docs, and keep the
proxytesting README very basic (it probably does the job as it is) -
it's mostly for regression testing, hence it should be somewhat
standardized.
if you find confusing stuff in there, let me know and we'll clean it up.
probably needs some more comments...
--
Jörn Nettingsmeier
"One of my most productive days was throwing away 1000 lines of code."
- Ken Thompson.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lenya.apache.org
For additional commands, e-mail: dev-help@lenya.apache.org