[users@httpd] Redirect[Match] behind load-balancer switching protocols

[Christopher Schultz <ch...@christopherschultz.net>]

All,

The docs for the Redirect directive state that a slash-prefixed
replacement URL (relative) will use the current request's scheme and
hostname to build the redirect URL.

RedirectMatch doesn't say specifically, but what I'm observing is that:

RedirectMatch permanent ^/$ /foo/

... when requesting https://hostname/, I get a redirect to
http://hostname/foo/ <-- note the protocol switch from https to http.

I'm running httpd 2.4.16 on Linux.

This is an httpd instance which is sitting behind a load-balancer, so
httpd isn't terminating SSL itself. The lb is providing the various
X-Forwarded-* headers, and I have this configuration as well:

    SetEnvIf X-Forwarded-Proto "https" HTTPS=On

Is there another environment variable or other setting that I need to
use in order to override httpd's protocol-detection?

Thanks,
-chris

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] Redirect[Match] behind load-balancer switching protocols

[Igor Cicimov <ic...@gmail.com>]

Hi Christopher,

On Wed, Nov 18, 2015 at 8:06 AM, Christopher Schultz <
chris@christopherschultz.net> wrote:

> All,
>
> The docs for the Redirect directive state that a slash-prefixed
> replacement URL (relative) will use the current request's scheme and
> hostname to build the redirect URL.
>
> RedirectMatch doesn't say specifically, but what I'm observing is that:
>
> RedirectMatch permanent ^/$ /foo/
>
> ... when requesting https://hostname/, I get a redirect to
> http://hostname/foo/ <-- note the protocol switch from https to http.
>
> I'm running httpd 2.4.16 on Linux.
>
> This is an httpd instance which is sitting behind a load-balancer, so
> httpd isn't terminating SSL itself. The lb is providing the various
> X-Forwarded-* headers, and I have this configuration as well:
>
>     SetEnvIf X-Forwarded-Proto "https" HTTPS=On
>
> Is there another environment variable or other setting that I need to
> use in order to override httpd's protocol-detection?
>
> Thanks,
> -chris
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
Do you actually have some rewrite rules based on this variable then? Just
setting that variable does not make Apache switch to https protocol in the
response headers you need to actually tell it to use it. I do the following:

        RewriteEngine On
        RewriteCond %{HTTP_X_Forwarded_Proto}  ^https$
        RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R,L]

or just:

        RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [E=HTTPS:On,R,L]

if you wish to use the newly created HTTPS var.

Thanks,
Igor

Re: [users@httpd] Redirect[Match] behind load-balancer switching protocols

[Yann Ylavic <yl...@gmail.com>]

On Tue, Nov 17, 2015 at 10:06 PM, Christopher Schultz
<ch...@christopherschultz.net> wrote:
>
> Is there another environment variable or other setting that I need to
> use in order to override httpd's protocol-detection?

You could specify:
    Protocol https
in the corresponding VirtualHost section.

Regards,
Yann.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org