Apache proxy problem with https/http and 302 redirects

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Greetings.  I am having a problem with the Apache Proxy directives.

Here is my setup:

CLIENT <--> Apache SSL <--> http proxy to tomcat server

A client comes in with an https:// request.  Apache receives that
request and proxies the connection to our backend tomcat server via
http.  The tomcat server sends back data.  Apache then sends that tomcat
data back to the client over the SSL connection.  This part works
perfectly.

However, when the tomcat server sends a 302 redirect (we're using
j_security_check), Apache is sending that redirect back to the client as
HTTP and not HTTPS, therefore triggering the CLIENT IE6/7 browser to
popup "Warning, you are about to enter an unsecure site...".

Has anyone else experienced this, or have ideas why the HTTPS connection
is being broken?

*Another note, when I switch to using a JkMount with
worker/properties/ajp, and do not use ProxyPass/ProxyPassReverse/http,
there is no problem.

Here are our configs:

httpd-ssl.conf
--------------
<VirtualHost 172.27.16.116:443>
	DocumentRoot "/usr/local/apache2/htdocs/MYSITE"
	ServerName www.MYSITE.com:443

	...SSL STUFF...

	ProxyPreserveHost On

	ProxyPass /distrib/ http://172.27.162.132:8080/distrib/
	ProxyPassReverse /distrib/ http://172.27.162.132:8080/distrib/
	ProxyPass /content/ http://172.27.162.132:8080/content/
	ProxyPassReverse /content/ http://172.27.162.132:8080/content/

	#JkMount  /distrib/* worker1
	#JkMount  /content/* worker1
</VirtualHost>

Apache Version (64-bit)
-----------------------
Server version: Apache/2.2.4 (Unix)
Server built:   Feb 22 2007 11:00:07

Apache Build Configuration
--------------------------
--enable-modules=ssl rewrite proxy proxy-connect proxy-http
--with-mpm=worker

OS Information
--------------
Linux HOSTNAME.wrightexpress.com 2.6.9-42.ELsmp #1 SMP Wed Jul 12
23:32:02 EDT 2006 x86_64 x86_64 x86_64 GNU/Linux

Thanks for any help or ideas.

Scott Campbell
Web Systems Administrator
Wright Express
http://www.wrightexpress.com


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux