You could use a wildcard SSL cert and redirect to https://secure.*.tld:/patcha/patchb/file then make your determination based on the hostname.
The extra $100 cert is a lot less expensive than Radware AppXcel for sure. On Fri, 23 Nov 2007, Matt Bullock wrote:
Date: Fri, 23 Nov 2007 18:06:12 -0800 From: Matt Bullock <mbullock@xxxxxxxxx> Reply-To: users@xxxxxxxxxxxxxxxx To: users@xxxxxxxxxxxxxxxx Subject: RE: Redirect to HTTPS using Load Balancer/SSL Offload Eric, That definitely seems like the reason the redirect keeps looping. Every example I have seen has involved {SERVER_PORT} (is or isn't) 443 as a RewriteCond, but I haven't found a way to let apache know if the current session between the client and the load balancer is being encrypted or not. Brian, I am using a Barracuda, which is far cheaper, and has far less features than some of the other vendors like Radware, F5 and Cisco LocalDirector. I will find out if it there is a way for the barracuda to let apache know its current offload status so it can differentiate between each request. Matt -----Original Message----- From: Brian A. Seklecki [mailto:lavalamp@xxxxxxxxxxxxxxxxxxxxxx] Sent: Friday, November 23, 2007 5:36 PM To: Eric Covener Cc: users@xxxxxxxxxxxxxxxx Subject: Re: Redirect to HTTPS using Load Balancer/SSL Offload Radware has some nice header rewriting features in its SSL accelerator package. ~BAS On Fri, 23 Nov 2007, Eric Covener wrote:Date: Fri, 23 Nov 2007 20:25:30 -0500 From: Eric Covener <covener@xxxxxxxxx> Reply-To: users@xxxxxxxxxxxxxxxx To: users@xxxxxxxxxxxxxxxx Subject: Re: Redirect to HTTPS using Load Balancer/SSLOffloadOn Nov 23, 2007 7:59 PM, Matt Bullock <mbullock@xxxxxxxxx> wrote:Thanks for the reply. The redirect loops the requested page nevercomesup. The log prints the same thing over and over.You said the LB does SSL offload. You haven't given apache any way to distinguish when someone hits the LB via http or https, so it redirects in both cases. Maybe your LB sets some additional header in the case it handled SSL? -- Eric Covener covener@xxxxxxxxx --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP ServerProject.See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx--------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
--------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|