I guess the response to the POST is a redirect (302) which is not rewritten by any of the ProxyPassReverse directives. In that case the URL of the Location header probably starts with http://andy:port/ instead of https://my.reverse.proxy.com/
What you need to do is figure out exactly what the value of the Location header of the 302 response is and add a ProxyPassReverse directive that matches that URL.
Looking more closely at your configuration, I notice that you set ProxyPreserveHost On. In that case redirects from the Tomcats would be to http://my.reverse.proxy.com/, and since there is no ProxyPassReverse that matches, Location headers would never be adjusted. Basically, none of the ProxyPassReverse in your configuration would ever match a Location header in a 302 response from Tomcat.
You then have two choices: either turn off ProxyPreserveHost, or change the ProxyPassReverse accordingly. I cannot see any good reason to use ProxyPreserveHost unless your backend application generates absolute HTTP links into HTML contents, based on the Host header.
-ascs
-----Original Message-----
From: Bo Najdrovsky [mailto:httpd@xxxxxxxxxxxxxx]
Sent: Thursday, May 11, 2006 9:36 PM
To: users@xxxxxxxxxxxxxxxx
Subject: [users@httpd] https to http proxy with Apache
Hello, I have a problem I've been grappling with for the past 3 days
without much luck so I thought I'd come to the experts. :-) I have
an Apache 2.0.x server, which acts as a load balancing gateway to
multiple Tomcat servlet containers behind it. This proxying/load
balancing is done using the combination of mod_rewrite and mod_proxy.
It has been working very well for traffic over normal HTTP. I now need
to make this work over HTTPS between the browsers and the Apache, and
that's where I'm having the problem. I configured the Apache server to
listen for HTTPS requests, and they forward correctly over regular HTTP
to the Tomcats behind it, however whenever there is an incoming POST
from a form in the web application, the response from the Tomcat causes
a switch to HTTP, where I need it to remain HTTPS. Here's what the
pertinent portion of the configuration looks like:
RewriteMap tomcats "rnd:/path/to/tomcat-workers.conf"
ProxyPreserveHost On
ProxyTimeout 8000
<Location ~ "/mywebapp">
RewriteEngine On
RewriteCond "%{HTTP_COOKIE}" "(^};\s*)jsessionid=\w*\.(\w+)($|;)" [NC]
RewriteRule "(.*)" "http://$(tomcats:%2)%{REQUEST_URI}" [P,L,NC]
RewriteRule "^.*;jsessionid=\w*\.(\w+)($|;)"
"http://$(tomcats:$1)%{REQUEST_URI}" [P,L,NC]
RewriteRule "(.*)" "http://$(tomcats:all)%{REQUEST_URI}" [P,L,NC]
ProxyPassRevese http://andy:8012/
ProxyPassRevese http://andy:8022/
ProxyPassRevese http://andy:8032/
ProxyPassRevese http://andy:8042/
</Location>
I suspect that the problem lies somewhere in the ProxyPassReverse, but
don't know what I could to remedy it. Any suggestions would be welcome.
Thanks,
Bo
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
" from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
" from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|