On 6/12/06, enigma <e_nigma_101@xxxxxxxxx> wrote:
I have a problem with the self-referential URL's being generated by Apache when a hardware load balancer is front ending it. The load balancer listens on port 443, decrypts SSL and forwards standard http to Apache on port 13443 on the culster machines. The problem I encounter is when Apache generates self-referential URL's for mod_dir trailing slash redirects and mod_rewrite redirects, it is sending the protocol as http and the port as 13443. So for instance, the brower requests: https://www.example.com/test The redirect returned by Apache is: http://www.example.com:13443/test/ which is invalid on the load balancer and no longer SSL. I want it to be: https://www.example.com/test/ I have tried setting UseCanonicalName Off without success. I can remap the port with the port directive, but it still changes the https to http. Any suggestions??
We had an almost identical question two days ago (see below). Unfortunately, I don't believe there is any way to fix this completely from the apache side short of using the unreleased svn-head version of apache which allows the scheme to be specified with the ServerName directive. On 6/11/06, Damian Birchler <damian@xxxxxxxxx> wrote:
Hi all I have got Squid installed as an httpd accelerator for httpd. Squid will not allow requests to internal.example.com other than per SSL/TLS. Squid itself talks to httpd in plain text. Now, when httpd generates automatic redirects -- what I mean by this, is for example redirecting /foo to /foo/ -- it tells the client to try HTTP://internal.example.com/foo/ which is then blocked by Squid. So, my question: Is it somehow possible to customize automatic redirects, for instance by telling httpd to use only relative paths?
Relative paths are not legal in redirects. Squid probably has the capability to rewrite these headers itself (as apache's mod_proxy can do with the ProxyPassReverse directive). Otherwise, you can tell apache to lie about its true hostname using the ServerName and UseCanonicalName directives. But you will still have a problem with the scheme. The latest development version of apache allows you to configure ServerName to lie about the scheme, but I don't think any released version can do that. Joshua. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|