I’m thinking this is a bug, but wanted to make sure I wasn’t overlooking something obvious before I posted to the database …
Here’s the situation:
- Browser sends request for https://HTTP_HOST/public
- We do ssl termination at an accelerator and pass to the Apache httpd instance behind it.
The accelerator sets the X-FORWARDED-FOR and X-FORWARDED-PROTO headers indicating it was originally ssl and what the original remoteip was.
mod_remoteip correctly sets browsers’ ip address for logging. - mod_dir recognizes that /public is a directory and redirects to http://HTTP_HOST/public/
BUT … since X-FORWARDED-PROTO is set to https, it should be redirecting to
https:/HTTP_HOST/public/, and nothing is listening at the ssl accelerator for an http request and everything fails.
I have found several work arounds.
- Set DirectorySlash off
this stops the behavior by returning a 404 error … not ideal, but better than a timeout! - Use rewrite to fix it beforehand:
RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} =https
RewriteCond %{DOCUMENT_ROOT}%{REQUEST_FILENAME} –d
RewriteRule ^(.+[^/])$
https://%{HTTP_HOST}$1/ [redirect,last]
Second solution works, but seems like a lot of overhead, since every request has to be inspected to see if it is a directory, when the only time this hits us is when mod_dir wants to do a redirect. Every other situation works fine as a relative URL.
Any hints? Thanks.
Russ
Russ Witte, Web Engineer
Common Channel Infrastructure, Wells Fargo Bank
This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose,
or take any action on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation.
