Re: Redirect[Match] behind load-balancer switching protocols

[Igor Cicimov <icicimov@xxxxxxxxx>]

Hi Christopher,

On Wed, Nov 18, 2015 at 8:06 AM, Christopher Schultz <chris@xxxxxxxxxxxxxxxxxxxxxx> wrote:

All,

The docs for the Redirect directive state that a slash-prefixed
replacement URL (relative) will use the current request's scheme and
hostname to build the redirect URL.

RedirectMatch doesn't say specifically, but what I'm observing is that:

RedirectMatch permanent ^/$ /foo/

... when requesting https://hostname/, I get a redirect to
http://hostname/foo/ <-- note the protocol switch from https to http.

I'm running httpd 2.4.16 on Linux.

This is an httpd instance which is sitting behind a load-balancer, so
httpd isn't terminating SSL itself. The lb is providing the various
X-Forwarded-* headers, and I have this configuration as well:

    SetEnvIf X-Forwarded-Proto "https" HTTPS=On

Is there another environment variable or other setting that I need to
use in order to override httpd's protocol-detection?

Thanks,
-chris

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx

Do you actually have some rewrite rules based on this variable then? Just setting that variable does not make Apache switch to https protocol in the response headers you need to actually tell it to use it. I do the following:

        RewriteEngine On
        RewriteCond %{HTTP_X_Forwarded_Proto}  ^https$
        RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R,L]

or just:

        RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [E=HTTPS:On,R,L]

if you wish to use the newly created HTTPS var.

Thanks,

Igor