Re: Apache modifies URL when offloading SSL

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hmmm this

- apache changes the url to http://www.mydomain.com/administrator/... 

doesn't make sense to me in your scenario. Since you are offloading the SSL on the proxy all the communication between the proxy and apache is over HTTP not SSL. So the request already comes to apache as http://... Then Squid should send that back to the client via SSL. Looks like reverse proxy issue to me. In apache as reverse proxy you need to have something like:

ProxyRequest off
ProxyPass / http://apache/
ProxyPassReverse / http://apache/

I'm not sure about Squid as I've never used it.

Igor

On Fri, Jun 29, 2012 at 1:28 PM, Clinton J. Campbell <clinton.campbell@xxxxxxxxx> wrote:
I've been searching archives and other forums, and though I've found others who have asked similar questions, I haven't found a solution yet.

I currently have an Apache server that sits behind a Squid Reverse Proxy. The Apache server runs two virtual hosts, a Joomla website and a WebDav directory for file sharing with customers. The Squid proxy serves several functions, including enforcing the requirement that any sensitive pages are served to the user over SSL.

When running unencrypted, everything works fine. Squid forwards the request to Apache and the response to the user. However, when the user tries to connect via SSL, things start to fall apart behind the scenes. I'll illustrate with a typical scenario:

- user enters https://www.mydomain.com/administrator to access Joomla administration page
- connection succeeds and user is presented with login page
- user enters credentials and submits
- apache changes the url to http://www.mydomain.com/administrator/...
- connection fails

In some cases, I can manually change the URL back and proceed to access most parts of the site.  Some functionality remains broken.  Moreover, this problem completely breaks WebDav access on Windows clients.

I've tried a variety of configurations on the proxy to work around or avoid the problem; however, I've had no luck. The optimal solution would be to find a way to keep Apache from rewriting the URL, but I've not been able to track down a configuration that accomplishes this.  Any suggestions?

Thanks in advance!

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx



[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux