Re: Apache modifies URL when offloading SSL


 



Thanks for the response. I spent my time initially focusing on the proxy until I found similar questions on the Squid mailing list that pointed to the backend server as the problem. The access logs for Apache seem to correspond to what I described. I just ran a test a moment ago and this is the final entry I see in the logs:

10.0.0.6 - - [29/Jun/2012:01:31:41 -0500] "POST /administrator/index.php HTTP/1.0" 303 428 "https://www.mydomain.com/administrator/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:13.0) Gecko/20100101 Firefox/13.0.1"

The connection was made via plain http, but the URI in the HTTP header is passed with the https intact.  Monitoring in the browser, I can now see that it is receiving a 301 Moved Permanently response.  I'm trying to configure the logs so that I can confirm whether this is generated by Apache or not.  Any tips?

Clinton 


On Thursday, June 28, 2012 at 10:07 PM, Igor Cicimov wrote:

> Hmmm this
> 
> > - apache changes the url to http://www.mydomain.com/administrator/...
> 
> doesn't make sense to me in your scenario. Since you are offloading the SSL on the proxy, all the communication between the proxy and Apache is over HTTP, not SSL. So the request already comes to Apache as http://... Then Squid should send that back to the client via SSL. Looks like a reverse proxy issue to me. In Apache as a reverse proxy you need to have something like:
> 
> ProxyRequests Off
> ProxyPass / http://apache/
> ProxyPassReverse / http://apache/
> 
> I'm not sure about Squid as I've never used it. 
> 
> Igor
> 
> On Fri, Jun 29, 2012 at 1:28 PM, Clinton J. Campbell <clinton.campbell@xxxxxxxxx> wrote:
> > I've been searching archives and other forums, and though I've found others who have asked similar questions, I haven't found a solution yet.
> > 
> > I currently have an Apache server that sits behind a Squid Reverse Proxy. The Apache server runs two virtual hosts, a Joomla website and a WebDav directory for file sharing with customers. The Squid proxy serves several functions, including enforcing the requirement that any sensitive pages are served to the user over SSL.
> > 
> > When running unencrypted, everything works fine. Squid forwards the request to Apache and the response to the user. However, when the user tries to connect via SSL, things start to fall apart behind the scenes. I'll illustrate with a typical scenario:
> > 
> > - user enters https://www.mydomain.com/administrator to access Joomla administration page
> > - connection succeeds and user is presented with login page
> > - user enters credentials and submits
> > - apache changes the url to http://www.mydomain.com/administrator/...
> > - connection fails
> > 
> > In some cases, I can manually change the URL back and proceed to access most parts of the site. Some functionality remains broken. Moreover, this problem completely breaks WebDav access on Windows clients.
> > 
> > I've tried a variety of configurations on the proxy to work around or avoid the problem; however, I've had no luck. The optimal solution would be to find a way to keep Apache from rewriting the URL, but I've not been able to track down a configuration that accomplishes this. Any suggestions?
> > 
> > Thanks in advance!
> > 
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
> > For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
> 
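
Added example (not part of the thread): one way to check from Apache's own access log whether the backend is the one answering an https page with an http redirect. It assumes a hypothetical `combined_loc` LogFormat that appends the response's `Location` header (`%{Location}o`) to the combined format; the sample lines and the Location values in them are constructed.

```python
import re
from urllib.parse import urlsplit

# Assumed Apache format (not from the thread): "combined" plus the response's
# Location header, so a redirect generated by the backend shows up in its log:
#   LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" \"%{Location}o\"" combined_loc
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)" "(?P<location>[^"]*)"$'
)

def find_downgrades(lines):
    """Return 3xx entries whose Referer is https but whose Location is http on the same host."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or not m["status"].startswith("3"):
            continue  # wrong format, or not a redirect
        ref, loc = urlsplit(m["referer"]), urlsplit(m["location"])
        # A relative Location or a missing header ("-") has no scheme and is skipped.
        if ref.scheme == "https" and loc.scheme == "http" and ref.hostname == loc.hostname:
            hits.append((m["time"], m["method"], m["path"], int(m["status"]), m["location"]))
    return hits

# Constructed sample lines in the assumed format; only the first is a downgrade.
SAMPLE = [
    '10.0.0.6 - - [29/Jun/2012:01:31:41 -0500] "POST /administrator/index.php HTTP/1.0" 303 428 '
    '"https://www.mydomain.com/administrator/" "Mozilla/5.0" '
    '"http://www.mydomain.com/administrator/index.php"',
    '10.0.0.6 - - [29/Jun/2012:01:31:30 -0500] "GET /administrator/ HTTP/1.0" 200 5120 '
    '"https://www.mydomain.com/" "Mozilla/5.0" "-"',
    '10.0.0.6 - - [29/Jun/2012:01:31:20 -0500] "GET /administrator HTTP/1.0" 301 310 '
    '"https://www.mydomain.com/" "Mozilla/5.0" "/administrator/"',
    '10.0.0.6 - - [29/Jun/2012:01:31:10 -0500] "GET /login HTTP/1.0" 302 0 '
    '"https://www.mydomain.com/" "Mozilla/5.0" "https://www.mydomain.com/administrator/"',
]

if __name__ == "__main__":
    for time, method, path, status, location in find_downgrades(SAMPLE):
        print(f"{time} {method} {path} -> {status} Location: {location}")
```

A hit means the absolute http URL was already present in the backend's response before the proxy handled it.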