> -----Original Message----- > From: apache-user@xxxxxxxxxxx [mailto:apache-user@xxxxxxxxxxx] > ... > OK, so now it's working, but not really, because I was expecting the > redirected request (line {3a} in the above flow) would be > re-directed back > to https: > > {1b} #request# https://gateway/vqwiki-2.7.1 > {2b} #response# HTTP 302 (Location: > http://gateway/vqwiki-2.7.1/someResource) > {3b} #request# http://gateway/vqwiki-2.7.1/someResource > {4b} #response# HTTP 302 (Location: > https://gateway/vqwiki-2.7.1/someResource) > {5b} #request# https://gateway/vqwiki-2.7.1/someResource > {6b} #response# HTTP 200 Need to see exactly what mod_rewrite is doing. Switch on logging and crank up the LogLevel to 9 - then see what you get (see http://httpd.apache.org/docs-2.0/mod/mod_rewrite.html#rewritelog) Rgds, Owen Boyle Disclaimer: Any disclaimer attached to this message may be ignored. > > This would be satisfactory. But of course the ideal would be that the > Location header be picked properly, e.g.: > > {1c} #request# https://gateway/vqwiki-2.7.1 > {2c} #response# HTTP 302 (Location: > https://gateway/vqwiki-2.7.1/someResource) > {3c} #request# https://gateway/vqwiki-2.7.1/someResource > {4c} #response# HTTP 200 > > I hope I am communicating clearly. Thanks again for your > help. I hope > this thread will help others who run into a similar problem. > > -Daniel > > >> -----Original Message----- > >> From: Daniel Silva [mailto:apache-user@xxxxxxxxxxx] > > ... > >> > >> Here are the mod_proxy rules I am using on the gateway server: > >> > >> ~~~ > >> > >> <Location /vqwiki-2.7.1> > >> ProxyPass http://backend:4080/vqwiki-2.7.1/ > >> ProxyPassReverse http://backend:4080/vqwiki-2.7.1/ > >> SSLRequireSSL > >> </Location> > > > > So this is an SSL server... OK. > > > >> > >> ~~~ > >> > >> Here are the mod_rewrite rules I was using in a virtual host > >> on port 80, > >> when I was trying to re-write http to https requests: > >> > >> ~~~ > >> > >> Listen 0.0.0.0:80 > >> > >> <VirtualHost _default_:80> > > > > Why are you actually using "VirtualHost"? Do you have more than one > > server? If so, are the VHs port-based or name-based? If > name-based, the > > ServerName directive should be inside. > > > >> SSLEngine Off > >> Redirect / https://gateway/ > > > > So this redirects top-level requests to HTTPS. Does this > work? ie, does > > http://your-server/ redirect to https://gateway/ ? > > > >> RewriteEngine on > >> RewriteCond %{SERVER_PORT} !^443$ > > > > Since this condition is inside a VH bound to port 80, it > must always be > > true - so unnecessary. Never mind.. > > > >> RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [L,R] > > > > This should work - what does it say in the rewrite_log? > > > >> </VirtualHost> > > > > As a general point, you don't need Redirect and RewriteRule > - you could > > achieve all of the above with: > > > > <VH> > > RedirectMatch /(.*) https://%{SERVER_NAME}/$1 > > </VH> > > > > Rgds, > > Owen Boyle > > Disclaimer: Any disclaimer attached to this message may be ignored. > > > > > >> > >> ServerName gate.platinumsolutions.com:80 > >> UseCanonicalName Off > >> > >> ~~~ > >> > >> There are more directives, the ssl-specific ones are in a > >> separate conf > >> file. Let me know if you need to see anything from there. > >> > >> I have one more thing for you... the headers on the > redirect request > >> (from LiveHTTPHeaders extension on Firefox). You'll notive > >> in the 302 > >> response headers that the Location header has http:// instead of > >> https://... this is the matter that is driving me crazy and > >> am trying to > >> solve. Here they are: > >> > >> ~~~ > >> > >> https://gateway/vqwiki-2.7.1/jsp/test2.jsp?action=redirect > >> > >> GET /vqwiki-2.7.1/jsp/test2.jsp?action=redirect HTTP/1.1 > >> Host: gateway > >> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; > en-US; rv:1.7.6) > >> Gecko/20050317 Firefox/1.0.2 > >> Accept: > >> text/xml,application/xml,application/xhtml+xml,text/html;q=0.9 > >> ,text/plain;q=0.8,image/png,*/*;q=0.5 > >> Accept-Encoding: gzip,deflate > >> Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 > >> Keep-Alive: 300 > >> Connection: keep-alive > >> Referer: https://gateway/vqwiki-2.7.1/jsp/test.jsp > >> Cookie: username=Daniel Silva; > >> JSESSIONID=5A37231975613F6D24D4B2B48F7EBB6B; > >> JSESSIONIDSSO=7083BB840927C2DC40255E36808997E1 > >> Authorization: Basic ZHNpbHZhOmQ0bnMxbHZh > >> > >> HTTP/1.x 302 Moved Temporarily > >> Date: Thu, 07 Apr 2005 00:26:16 GMT > >> Server: Microsoft-IIS/5.0 > >> Pragma: No-cache > >> Cache-Control: no-cache > >> Expires: Wed, 31 Dec 1969 19:00:00 EST > >> Location: http://gateway/vqwiki-2.7.1/jsp/test.jsp?action=redirect > >> Content-Type: text/html;charset=ISO-8859-1 > >> Content-Language: en-US > >> Content-Length: 0 > >> > >> ~~~ > >> > >> I hope this extra info will make things more clear. > >> > >> Regards, > >> Daniel > >> > >> > >> > > >> -------------------------------------------------------------- > >> ---------- > >> > *From:* Boyle Owen [mailto:Owen.Boyle@xxxxxxx] > >> > *Sent:* Wed 2005-04-06 11:51 > >> > *To:* users@xxxxxxxxxxxxxxxx > >> > *Subject:* RE: [users@httpd] Apache Reverse Proxy / > Redirect Issue > >> > > >> > Plain text please... > >> > > >> > Then post the relevant rewrite rules from your config (not > >> much can be > >> > done/said without them). > >> > > >> > Rgds, > >> > Owen Boyle > >> > Disclaimer: Any disclaimer attached to this message may > be ignored. > >> > > >> > -----Original Message----- > >> > From: Daniel Silva [mailto:dsilva@xxxxxxxxxxxxxxxxxxxxx] > >> > Sent: Mittwoch, 6. April 2005 16:09 > >> > To: users@xxxxxxxxxxxxxxxx > >> > Subject: [users@httpd] Apache Reverse Proxy / Redirect Issue > >> > > >> > > >> > Hello everybody. I am new here, was hoping to post a > problem I am > >> > having, would love to hear some input. I've been > dealing with this > >> > problem for a while now and it's driving me nuts, haven't > >> been able to > >> > find the problem. > >> > > >> > I have a gateway server that is running OpenBSD and Apache > >> 2 and is set > >> > up with mod_ssl and mod_proxy. The only listen port is > >> 443. I have it > >> > configured so that a bunch of requests are handled by a > >> backend server, > >> > running on port 4080. Something like > >> https://gateway/resourceA maps to > >> > http://backendserver:4080/resourceA. I have ProxyPass to handle > >> > requests, and ProxyPassReverse to handle the redirects. However, > >> > ProxyPassReverse doesn't seem to be doing it's job, because > >> redirects > >> > are not working properly. > >> > > >> > Let me explain what I mean. Let's say, for example, that > >> > resourceA/test1.html redirects in the backend server to > >> > resourceA/test2.html. When I request > >> > https://gateway/resourceA/test1.html, I would expect to get > >> > https://gateway/resourceA/test2.html. However, instead > >> what happens is > >> > that the redirect generates a request on port 80, or > >> > http://gateway/resourceA/test2.html. This, of course, > >> times out because > >> > my Apache instance on my gateway server is not listening on > >> port 80, nor > >> > is my firewall allowing communication on port 80 to this > >> gateway server. > >> > > >> > I tried opening up port 80 on my firewall, listening on > >> port 80, and > >> > writing some mod_rewrite directives to redirect requests on > >> http:// to > >> > https://. This does not work. The redirect generated is > >> still for port > >> > 80 (it is not getting re-written to https), and of course > >> it can't find > >> > any such resource on the gateway server, so I get a 403 > >> back (which is > >> > odd, I would have expected 404, but I am getting a > >> forbidden HTTP code > >> > back). > >> > > >> > I suspect this has to do with how I am setting up the servername > >> > directive. Right now I have it set up as gateway:80 (I am > >> using the > >> > actual domain, not the word 'gateway' but the actual > domain is not > >> > important). If I change it to gateway:443, I get a > bunch of errors > >> > logged that say "warning: running http over an https port" > >> or something > >> > like that. > >> > > >> > I don't know if I've said enough to characterize the > problem. I've > >> > searched the net and usenet groups up and down looking for > >> an answer, > >> > but I've yet to find a solution. Please help!! > >> > > >> > Thanks, > >> > Daniel > >> > > >> > -- > >> > Daniel A. Silva > >> > Senior Consultant, PlatinumSolutions, Inc. > >> > PH: 703.471.9793 FAX: 703.471.7140 > >> > > >> > daniel.silva@xxxxxxxxxxxxxxxxxxxxx > >> > > >> > http://www.platinumsolutions.com > >> > > >> > This message is for the designated recipient only and may contain > >> > privileged, proprietary, or otherwise private information. > >> If you have > >> > received it in error, please notify the sender immediately > >> and delete > >> > the original. Any other use of the email by you is prohibited. > >> > > >> > Diese E-mail ist eine private und persnliche > Kommunikation. Sie hat > >> > keinen Bezug zur B rsen- bzw. Geschftst tigkeit der SWX > >> Gruppe. This > >> > e-mail is of a private and personal nature. It is not > >> related to the > >> > exchange or business activities of the SWX Group. Le prsent > >> e-mail est > >> > un message priv et personnel, sans rapport avec l'activit > >> boursi re du > >> > Groupe SWX. > >> > > >> > > >> > This message is for the named person's use only. It may contain > >> > confidential, proprietary or legally privileged information. No > >> > confidentiality or privilege is waived or lost by any > >> mistransmission. > >> > If you receive this message in error, please notify the > >> sender urgently > >> > and then immediately delete the message and any copies of > >> it from your > >> > system. Please also immediately destroy any hardcopies of > >> the message. > >> > You must not, directly or indirectly, use, disclose, > >> distribute, print, > >> > or copy any part of this message if you are not the > >> intended recipient. > >> > The sender's company reserves the right to monitor all e-mail > >> > communications through their networks. Any views > expressed in this > >> > message are those of the individual sender, except where > >> the message > >> > states otherwise and the sender is authorised to state them > >> to be the > >> > views of the sender's company. > >> > > >> > > >> > --------------------------------------------------------------------- > >> > The official User-To-User support forum of the Apache HTTP > >> Server Project. > >> > See <URL:http://httpd.apache.org/userslist.html> for more info. > >> > To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx > >> > " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx > >> > For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx > >> > > >> > >> > >> > --------------------------------------------------------------------- > >> The official User-To-User support forum of the Apache HTTP > >> Server Project. > >> See <URL:http://httpd.apache.org/userslist.html> for more info. > >> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx > >> " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx > >> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx > >> > >> > > > > > > This message is for the named person's use only. It may contain > > confidential, proprietary or legally privileged information. No > > confidentiality or privilege is waived or lost by any > mistransmission. If > > you receive this message in error, please notify the sender > urgently and > > then immediately delete the message and any copies of it > from your system. > > Please also immediately destroy any hardcopies of the > message. You must > > not, directly or indirectly, use, disclose, distribute, > print, or copy any > > part of this message if you are not the intended recipient. > The sender's > > company reserves the right to monitor all e-mail > communications through > > their networks. Any views expressed in this message are those of the > > individual sender, except where the message states otherwise and the > > sender is authorised to state them to be the views of the sender's > > company. > > > > > --------------------------------------------------------------------- > > The official User-To-User support forum of the Apache HTTP > Server Project. > > See <URL:http://httpd.apache.org/userslist.html> for more info. > > To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx > > " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx > > For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx > > > > > > > --------------------------------------------------------------------- > The official User-To-User support forum of the Apache HTTP > Server Project. > See <URL:http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx > " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx > For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx > > --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx