> -----Original Message----- > From: Sarris Overbosch [mailto:soverbosch@xxxxxxxx] > Sent: Donnerstag, 10. März 2005 12:52 > To: apachelist > Subject: Re: RE: [users@httpd] ReverseProxy and SSL > > > Hi, > > My configuration looks like this: > > Listen 10.69.227.58:80 > NameVirtualHost 10.69.227.58:80 > > <VirtualHost 10.69.227.58:80> > SSLProxyEngine on > ServerName www.apache.site.nl > > RewriteEngine On > > ProxyHTMLLogVerbose On Eh? never seen ProxyHTML* directives before... what module are they in? > LogLevel Debug Do you get any interesting log messages? > > ProxyPreserveHost Off > > ProxyPass / https://www.test.site.nl/ > ProxyHTMLURLMap http://www.apache.site..nl/ / What is this suposed to do? BTW, the ".." is a typo, I guess? > > <Location /> > ProxyPassReverse / - why is this in a Location container? - why has it only one argument? (should be ProxyPassReverse / https://www.test.site.nl/ > RequestHeader unset Accept-Encoding > </Location> > </VirtualHost> > > Br, > > Sarris > > > > Van: "Boyle Owen" <Owen.Boyle@xxxxxxx> > > Aan: users@xxxxxxxxxxxxxxxx > > Onderwerp: RE: [users@httpd] ReverseProxy and SSL > > BCC: Thu, 10 Mar 2005 11:51:38 +0100 > > > <pre>> -----Original Message----- > > > From: Sarris Overbosch [mailto:soverbosch@xxxxxxxx] > > > Sent: Donnerstag, 10. März 2005 10:32 > > > To: apachelist > > > Subject: Re: RE: RE: [users@httpd] ReverseProxy and SSL > > > > > > > > - request :apache-site/servlet -> returns page containing form > > > > - request :apache-site/servlet?query-string -> returns > > > redirect to "funny" URL > > > > > > > > > it looks like this: > > > > > > > > > > https://www.apache.site.nl,%20www.test.site.nlnl/... > > > > > > > > > I think we need to see how you configure the apache proxy. > Do you have something like: > > > > ProxyPass / https://tomcat-server/ > > > > or do you use mod_rewrite in proxy mode, eg: > > > > RewriteRule (.*) https://tomcat-server/$1 [P] > > > > Which? > > > > > > > When I use a browser and > > > connect directly to the tomcat server everything just works fine. > > > > Even when you submit data in the form? (We know a request > for an empty form works OK). > > > > > Wouldn't apache put it in the log > > > when the Tomcat server sends a redirect message in its response? > > > > Actually, now that I think about it, apache should resolve > the redirect before replying to the client. Apache only logs > what it sends to the client, not anything about its > communications with proxies, eg: > > > > - client requests apache > > - apache proxies request to tomcat > > - tomcat responds with redirect to apache > > - apache requests new URL to tomcat > > - tomcat serves response to apache > > - apache serves response to client and logs it. > > > > Rgds, > > Owen Boyle > > Disclaimer: Any disclaimer attached to this message may be ignored. > > > > > > > > > > > I guess you mean that the Tomcat server is listening on > > > port 80 (plain HTTP) but redirects you to port 443 (HTTPS). > > > This is a typical setup for a server which wants to be > > > available on HTTP but to serve content via HTTPS. > > > > > > The tomcat server is only listening on port 443, would be > > > nice to have it also listeing on port 80 to test the > > > connection without ssl....maybe it will work then > > > > > > > I think the servlet (or rather, the server config in front > > > of it) is *certainly* redirecting. You need to get a client > > > talking directly to Tomcat to prove this, then you need > to fix Tomcat. > > > > > > I did and it just works fine :S > > > > > > > > > > > On a general point, is there any reason why you need HTTPS > > > between apache and tomcat? If you then pass the data over > > > plain HTTP to the client (which is what a proxy does) then it > > > is unecrypted on the apache-client hop. This would only make > > > sense if Tomcat was out on the internet, apache was in your > > > DMZ and all the clients were internal (like in a corporate > > > LAN). Is this the setup? > > > > > > Yes, our broadvision is in our EZ and the apache server > is in our DMZ. > > > > > > Br, > > > > > > Sarris > > > > > > > > Rgds, > > > > Owen Boyle > > > > Disclaimer: Any disclaimer attached to this message may be > > > ignored. > > > > > > > > > > Does this clarify my question? > > > > > > > > > > Br, > > > > > > > > > > Sarris > > > > > > > > > > > > > > > > > > > > > > > > > > Van: "Boyle Owen" <owen.boyle@xxxxxxx> > > > > > > Aan: users@xxxxxxxxxxxxxxxx > > > > > > Onderwerp: RE: [users@httpd] ReverseProxy and SSL > > > > > > BCC: Wed, 9 Mar 2005 17:16:32 +0100 > > > > > > > > > > > <pre>Plain text please... > > > > > > > > > > > > > > > > > > You've got two webservers, a java servlet engine, a mixture > > > > > of HTTP and > > > > > > HTTPS and you're doing reverse proxying. And you describe > > > > > it all in two > > > > > > sentences? > > > > > > > > > > > > I would need at least a circuit diagram before I could > > > > > begin to guess > > > > > > what's wrong... > > > > > > > > > > > > Rgds, > > > > > > Owen Boyle > > > > > > Disclaimer: Any disclaimer attached to this message may > > > be ignored. > > > > > > > > > > > > -----Original Message----- > > > > > > From: Sarris Overbosch [mailto:soverbosch@xxxxxxxx] > > > > > > Sent: Mittwoch, 9. März 2005 17:09 > > > > > > To: apachelist > > > > > > Subject: [users@httpd] ReverseProxy and SSL > > > > > > > > > > > > > > > > > > Hi, > > > > > > > > > > > > I've configured apache to act as an reverse proxy to an > > > https site > > > > > > (https://www.test.site.nl) I connect to the apache > using the url > > > > > > <a target="_blank" target="_blank" > > > > > href=<a target="_blank" > > > href=<a > href=http://www.apache.site.nl.>http://www.apache.site.nl.</a> > >http://www.apache.site.nl.>http://www.apache.site.nl.</a></a> > > ><a > href=http://www.apache.site.nl.>http://www.apache.site.nl.</a> > </a>>http://www.apache.site.nl.>http://www.apache.site.nl.</a> > </a></a>> > When I do a request to a simple jsp page it > > > > > > will work fine, on this jsp page is a form, when I submit > > > > > this form I > > > > > > get a real strange url back, it looks like this: > > > > > > > > > > > > https://www.apache.site.nl,%20www.test.site.nlnl/... > > > > > > > > > > > > As you notice I do a http request and get an https request > > > > > back, i'm not > > > > > > sure why this is happening. The action which is connected > > > > > to the form is > > > > > > a servlet which may (or may not) do I redirect > which causes this > > > > > > problem. Has anyone out there had this problem and if yes > > > > > how did you > > > > > > solve that? > > > > > > > > > > > > Br, > > > > > > > > > > > > Sarris > > > > > > > > > > > > > > > > > > Printer kiezen? Overtuig uzelf! Wij zijn zo overtuigd over > > > > > de kwaliteit > > > > > > van onze Canon printers dat wij u de mogelijkheid bieden > > > > > deze GRATIS te > > > > > > proberen. > > > > > > > > > > > > This message is for the named person's use only. It > may contain > > > > > > confidential, proprietary or legally privileged > information. No > > > > > > confidentiality or privilege is waived or lost by any > > > > > mistransmission. > > > > > > If you receive this message in error, please notify the > > > > > sender urgently > > > > > > and then immediately delete the message and any copies of > > > > > it from your > > > > > > system. Please also immediately destroy any hardcopies of > > > > > the message. > > > > > > You must not, directly or indirectly, use, disclose, > > > > > distribute, print, > > > > > > or copy any part of this message if you are not the > > > > > intended recipient. > > > > > > The sender's company reserves the right to monitor > all e-mail > > > > > > communications through their networks. Any views > > > expressed in this > > > > > > message are those of the individual sender, except > > > where the message > > > > > > states otherwise and the sender is authorised to state them > > > > > to be the > > > > > > views of the sender's company. > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > > > > The official User-To-User support forum of the Apache HTTP > > > > > Server Project. > > > > > > See <url:<a > > > > > href=<a target="_blank" > > > href=<a > href=http://httpd.apache.org/user>http://httpd.apache.org/user >http://httpd.apache.org/user>http://httpd.apache.org/user</a>><a href=http://httpd.apache.org/user>http://httpd.apache.org/user</a>>>http://httpd.apache.org/user>http://httpd.apache.org/user</a>></a></a>rslist.html> for more info. > > > > To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx > > > > " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx > > > > For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx > > > > > > > > > > > > </pre> > > > > > > Printer kiezen? Overtuig uzelf! Wij zijn zo overtuigd over de > > > kwaliteit van onze Canon printers dat wij u de mogelijkheid > > > bieden deze GRATIS te proberen. - > > > <a target="_blank" href=<a href=http://www.yourprint.canon-europe.com>http://www.yourprint.canon-europe.com</a>>>http://www.yourprint.canon-europe.com>http://www.yourprint.canon-europe.com</a>></a> > > > > > Diese E-mail ist eine private und persönliche Kommunikation. Sie hat keinen Bezug zur Börsen- bzw. Geschäftstätigkeit der SWX Gruppe. This e-mail is of a private and personal nature. It is not related to the exchange or business activities of the SWX Group. Le présent e-mail est un message privé et personnel, sans rapport avec l'activité boursière du Groupe SWX. > > > > --------------------------------------------------------------------- > > The official User-To-User support forum of the Apache HTTP Server Project. > > See <url:<a href=<a href=http://httpd.apache.org/user>http://httpd.apache.org/user</a>rslist.html>>http://httpd.apache.org/user>http://httpd.apache.org/user</a>rslist.html></a>for more info. > > To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx > > " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx > > For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx > > > > > > </pre> > > Download nu Lycos Inside! Bekijk al je berichten in Outlook en zet je documenten online! Ga snel naar mail.lycos.nl > > > > --------------------------------------------------------------------- > The official User-To-User support forum of the Apache HTTP Server Project. > See <url:<a href=http://httpd.apache.org/user>http://httpd.apache.org/user</a>rslist.html> for more info. > To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx > " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx > For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx > > > </pre> Printer kiezen? Overtuig uzelf! Wij zijn zo overtuigd over de kwaliteit van onze Canon printers dat wij u de mogelijkheid bieden deze GRATIS te proberen. - http://www.yourprint.canon-europe.com --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|