You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@sling.apache.org by "Dominique Pfister (JIRA)" <ji...@apache.org> on 2014/10/30 15:31:33 UTC
[jira] [Created] (SLING-4119) ResourceResolver unable to map
SSL-forwarded request
Dominique Pfister created SLING-4119:
----------------------------------------
Summary: ResourceResolver unable to map SSL-forwarded request
Key: SLING-4119
URL: https://issues.apache.org/jira/browse/SLING-4119
Project: Sling
Issue Type: Bug
Components: ResourceResolver
Affects Versions: Resource Resolver 1.0.6
Reporter: Dominique Pfister
I've setup two hosts in my /etc/map as follows:
{code}
/etc/map
+--http
+--example1.com
+--sling:internalRedirect = ["/content/example1","/"]
+--example1_com
+--sling:internalRedirect = ["/content/example1/index.html"]
+--sling:match = "example1.com/$"
+--example2.com
+--sling:internalRedirect = ["/content/example2","/"]
+--example2_com
+--sling:internalRedirect = ["/content/example2/index.html"]
+--sling:match = "example2.com/$"
{code}
I have a reverse proxy in front of Sling, listening on port 80, that will forward incoming requests with the original "Host" header. If incoming requests are over plain HTTP (e.g. to http://example1.com) everything works as expected, I get 200 status code from Sling as internal redirects are made to the respective home pages of the hosts.
However, if I start a second, secure listener on port 443, forwarding incoming requests to Sling over HTTP (bearing a header "X-Forwarded-SSL: on"), the resource resolver will start to issue 302 redirects, as it is unable to find some match.
E.g., a request for "https://example1.com", arrives at Sling as follows:
{code}
GET / HTTP/1.1
Host: example1.com
X-Forwarded-SSL: on
...
{code}
The resource resolver logs this as:
{code}
Resolving request path: https/example1.com.80/
{code}
Note that the scheme change is due to Apache Felix's SSL Filter, overriding {{ServletRequest.getScheme}}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)