Re: [users@httpd] self-referential URL's and load balancer

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi enigma,


On Jun 12, 2006, at 1:53 PM, enigma wrote:


I have a problem with the self-referential URL's being generated by Apache
when a hardware load balancer is front ending it.

This is a well-known problem with load balancing and SSL offload in front of any web server. The httpd simply doesn't know that HTTPS exists in front of it, and can not generate the correct Location: headers for Redirect responses.

Some load balancers have built-in fixups for outgoing response headers. You can use those to repair the Location: headers as they are sent to the browser. See your load balancer documentation, support community or your favorite SE to set this up.

Which version of Apache are you using on which platform? The trunk of Apache now has support for setting the scheme in the ServerName directive, so you can go

ServerName https://myserver.foo.com

with optional port. You can see the code at:

http://svn.apache.org/viewvc?view=rev&revision=399947

That should go a long way towards fixing your issue, especially if everything you do happens inside the web server. And, any module that plays nice and calls the http_scheme hook should get the correct information.

I have proposed to backport this to Apache 2.2, and a version of the patch that applies to the 2.2.x branch is at:

http://people.apache.org/~sctemme/servername_22x.patch

Unfortunately, httpd 1.3 hardcodes this scheme information so this approach will not work. the EAPI patch at least makes it settable, but you only have that if you have mod_ssl.

https://www.example.com/test/

I have tried setting UseCanonicalName Off without success. I can remap the
port with the port directive, but it still changes the https to http.

UseCanonicalName Off should help with the port value, but not the scheme.

You mention the Port directive, which disappeared in httpd 2.0 so that means you're using 1.3. As I said, the ServerName [scheme://] hostname[:port] code does not work with that version, so unless you can upgrade you'll have to fix this on the Load Balancer.

S.

--
sander@xxxxxxxxx              http://www.temme.net/sander/
PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF




--
sctemme@xxxxxxxxxx            http://www.temme.net/sander/
PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF


Attachment: smime.p7s
Description: S/MIME cryptographic signature


[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux