You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Bill Moseley <mo...@hank.org> on 2006/06/22 08:49:50 UTC
[users@httpd] IE and redirect to SSL
[Sorry if you were on thelist and saw this already]
Apache 2.0.55 - Debian Stable.
I've got some odd log entries when using Internet Explorer.
I have a site that when you click the "login" link it will do a http
redirect to the SSL version of the site. I'm using correct URLs in my
redirect and the fetched https page has all style sheets, javascript
and images uisng full, absolute URLs. The page validates XHTML
strict.
Now, for testing I run on port 82 and 1443. Works fine in Firefox,
and Opera, but in IE I get this in my logs.
Here you can see IE making the inital /login request, and being
redirected to the https version:
192.168.1.32 - - [21/Jun/2006:19:30:07 -0700] "GET /login HTTP/1.1" 302 - "http://bumby:82/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98; T312461)"
192.168.1.32 - - [21/Jun/2006:19:30:18 -0700] "GET /login HTTP/1.1" 200 2373 "http://bumby:82/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98; T312461)"
Now, IE makes these requests -- I assume it's trying to fetch the
images, css, and javascript files, but look at that odd request:
192.168.1.32 - - [21/Jun/2006:19:30:18 -0700] "\x16\x03" 200 7744 "-" "-"
192.168.1.32 - - [21/Jun/2006:19:30:18 -0700] "\x16\x03" 200 7743 "-" "-"
192.168.1.32 - - [21/Jun/2006:19:30:18 -0700] "\x16\x03" 200 7744 "-" "-"
192.168.1.32 - - [21/Jun/2006:19:30:19 -0700] "\x16\x03" 200 7742 "-" "-"
192.168.1.32 - - [21/Jun/2006:19:30:18 -0700] "\x16\x03" 200 7743 "-" "-"
192.168.1.32 - - [21/Jun/2006:19:30:19 -0700] "\x16\x03" 200 7744 "-" "-"
192.168.1.32 - - [21/Jun/2006:19:30:19 -0700] "\x16\x03" 200 7742 "-" "-"
192.168.1.32 - - [21/Jun/2006:19:30:19 -0700] "\x16\x03" 200 7742 "-" "-"
And then IE displays the page without any styling or images.
If I hit the reload button on IE then the page loads correctly (and
the Apache logs show
I get the same results using a different machine running IE, with
slightly different requests:
7.62.247.1 - - [21/Jun/2006:18:50:31 -0700] "GET /admin/registration/34982 HTTP/1.1" 200 3110 "http://bumby:82/admin/class/581" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)"
7.62.247.1 - - [21/Jun/2006:18:50:31 -0700] "\x16\x03" 200 7711 "-" "-"
7.62.247.1 - - [21/Jun/2006:18:50:31 -0700] "\x80L\x01\x03" 200 7744 "-" "-"
7.62.247.1 - - [21/Jun/2006:18:50:31 -0700] "\x16\x03" 200 7742 "-" "-"
7.62.247.1 - - [21/Jun/2006:18:50:31 -0700] "\x80L\x01\x03" 200 7745 "-" "-"
7.62.247.1 - - [21/Jun/2006:18:50:31 -0700] "\x80L\x01\x03" 200 7711 "-" "-"
7.62.247.1 - - [21/Jun/2006:18:50:31 -0700] "\x80L\x01\x03" 200 7751 "-" "-"
7.62.247.1 - - [21/Jun/2006:18:50:31 -0700] "\x80L\x01\x03" 200 7749 "-" "-"
7.62.247.1 - - [21/Jun/2006:18:50:31 -0700] "\x80L\x01\x03" 200 7744 "-" "-"
7.62.247.1 - - [21/Jun/2006:18:50:32 -0700] "\x80L\x01\x03" 200 7711 "-" "-"
Now, if I run at the standard ports of 80/443 then IE works fine and
doesn't show this problem.
Anyone seen this before? Any idea what's confusing IE? That https
is not the standard port 443?
--
Bill Moseley
moseley@hank.org
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] IE and redirect to SSL
Posted by Bill Moseley <mo...@hank.org>.
On Thu, Jun 22, 2006 at 01:52:22PM -0400, Joshua Slive wrote:
> On 6/22/06, Bill Moseley <mo...@hank.org> wrote:
> >On Wed, Jun 21, 2006 at 11:49:50PM -0700, Bill Moseley wrote:
> >> 192.168.1.32 - - [21/Jun/2006:19:30:18 -0700] "\x16\x03" 200 7744 "-" "-"
> >
> >What could cause Apache to get that kind of request and log it as a
> >200 status, and not instead return a 400?
>
> What is handling a request to "/" on that server? One guess is that
> you have a program like php that accepts arbitrary methods, and so
> apache is simply treating this as an HTTP/0.9 request with an an
> unknown method, handled by some program.
It's a reverse proxy setup. I'm listening on two different ports
(82/1443) and reverse proxy each of those to high numbered ports (port
+ 10000) on a backend Apache/mod_perl server. Every request to the
backend server is handed by mode_perl.
The back end is listening on two ports so I can tell in the backend
if the front-end request was an ssl request or not by looking at the
connecting port.
> >My guess is IE is encrypting the request and sending it to the wrong
> >port.
>
> Sounds like a reasonable guess. I wonder if it has something to do
> with your use of non-standard ports?
Yes -- the problem goes away if I run on 80/443. It's just IE
showing its fine colors. ;)
--
Bill Moseley
moseley@hank.org
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] IE and redirect to SSL
Posted by Joshua Slive <jo...@slive.ca>.
On 6/22/06, Bill Moseley <mo...@hank.org> wrote:
> On Wed, Jun 21, 2006 at 11:49:50PM -0700, Bill Moseley wrote:
> > 192.168.1.32 - - [21/Jun/2006:19:30:18 -0700] "\x16\x03" 200 7744 "-" "-"
>
> What could cause Apache to get that kind of request and log it as a
> 200 status, and not instead return a 400?
What is handling a request to "/" on that server? One guess is that
you have a program like php that accepts arbitrary methods, and so
apache is simply treating this as an HTTP/0.9 request with an an
unknown method, handled by some program.
>
> Again, Apache is listening on port 82 and 1443 SSL.
>
> What's happening is IE is getting redirected to a
> https://bumby:1443/login. IE fetches that page correctly using SSL.
>
> That newly loaded page has all links correct (e.g.
> https://bumby:1443/style.css), BUT instead is I see these in my
> *non-ssl* Apache logs:
> My guess is IE is encrypting the request and sending it to the wrong
> port.
Sounds like a reasonable guess. I wonder if it has something to do
with your use of non-standard ports?
Joshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] IE and redirect to SSL
Posted by Bill Moseley <mo...@hank.org>.
On Wed, Jun 21, 2006 at 11:49:50PM -0700, Bill Moseley wrote:
> 192.168.1.32 - - [21/Jun/2006:19:30:18 -0700] "\x16\x03" 200 7744 "-" "-"
What could cause Apache to get that kind of request and log it as a
200 status, and not instead return a 400?
Again, Apache is listening on port 82 and 1443 SSL.
What's happening is IE is getting redirected to a
https://bumby:1443/login. IE fetches that page correctly using SSL.
That newly loaded page has all links correct (e.g.
https://bumby:1443/style.css), BUT instead is I see these in my
*non-ssl* Apache logs:
192.168.1.32 - - [22/Jun/2006:10:36:10 -0700] "\x16\x03" 200 7747 "-" "-"
192.168.1.32 - - [22/Jun/2006:10:36:10 -0700] "\x16\x03" 200 7741 "-" "-"
192.168.1.32 - - [22/Jun/2006:10:36:11 -0700] "\x16\x03" 200 7747 "-" "-"
192.168.1.32 - - [22/Jun/2006:10:36:11 -0700] "\x16\x03" 200 7741 "-" "-"
192.168.1.32 - - [22/Jun/2006:10:36:10 -0700] "\x16\x03" 200 7741 "-" "-"
192.168.1.32 - - [22/Jun/2006:10:36:11 -0700] "\x16\x03" 200 7743 "-" "-"
192.168.1.32 - - [22/Jun/2006:10:36:11 -0700] "\x16\x03" 200 7741 "-" "-"
192.168.1.32 - - [22/Jun/2006:10:36:11 -0700] "\x16\x03" 200 7743 "-" "-"
My guess is IE is encrypting the request and sending it to the wrong
port.
Still, I'm curious why Apache is logging that as a 200.
--
Bill Moseley
moseley@hank.org
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org