RE: Redirect to HTTPS using Load Balancer/SSL Offload

I was hoping there would be a way to let apache know the url being
requested was "https://...".  Here is a log when I navigate to an https
page:

75.83.2.48 - - [23/Nov/2007:21:47:51 --0800] [www.domain.com/sid#5555557f2f90][rid#555555a1c188/initial] (2) explicitly forcing redirect with https://www.domain.com/scripts/vendor/membership_renew.php
75.83.2.48 - - [23/Nov/2007:21:47:51 --0800] [www.domain.com/sid#5555557f2f90][rid#555555a1c188/initial] (1) escaping https://www.domain.com/scripts/vendor/membership_renew.php for redirect
75.83.2.48 - - [23/Nov/2007:21:47:51 --0800] [www.domain.com/sid#5555557f2f90][rid#555555a1c188/initial] (1) redirect to https://www.feedisclosure.com/scripts/vendor/membership_renew.php [REDIRECT/301]
75.83.2.48 - - [23/Nov/2007:21:47:51 --0800] [www.domain.com/sid#5555557f2f90][rid#555555a1e198/initial] (2) init rewrite engine with requested uri /scripts/vendor/membership_renew.php
75.83.2.48 - - [23/Nov/2007:21:47:51 --0800] [www.domain.com/sid#5555557f2f90][rid#555555a1e198/initial] (2) rewrite '/scripts/vendor/membership_renew.php' -> 'https://www.domain.com/scripts/vendor/membership_renew.php'


The logs show the correct url, so all I need is to somehow let apache
know not to rewrite if this is the case -

RewriteCond !=https://www???
RewriteCond %{REQUEST_URI} ^/scripts/vendor/new_fmpackage\.php$
RewriteRule ^.*$ https://www.domain.com%{REQUEST_URI} [R=301,L]

I don't know how to create a rule that checks if it has already been
rewritten.

Matt

-----Original Message-----
From: Brian A. Seklecki [mailto:lavalamp@xxxxxxxxxxxxxxxxxxxxxx] 
Sent: Friday, November 23, 2007 6:16 PM
To: users@xxxxxxxxxxxxxxxx
Subject: RE:  Redirect to HTTPS using Load Balancer/SSL Offload



You could use a wildcard SSL cert and redirect to 
https://secure.*.tld:/patcha/patchb/file then make your determination 
based on the hostname.

The extra $100 cert is a lot less expensive than Radware AppXcel for
sure.


On Fri, 23 Nov 2007, Matt Bullock wrote:

> Date: Fri, 23 Nov 2007 18:06:12 -0800
> From: Matt Bullock <mbullock@xxxxxxxxx>
> Reply-To: users@xxxxxxxxxxxxxxxx
> To: users@xxxxxxxxxxxxxxxx
> Subject: RE:  Redirect to HTTPS using Load Balancer/SSL Offload
> 
> Eric,
>
> That definitely seems like the reason the redirect keeps looping. Every
> example I have seen has involved {SERVER_PORT} (is or isn't) 443 as a
> RewriteCond, but I haven't found a way to let apache know if the current
> session between the client and the load balancer is being encrypted or
> not.
>
> Brian,
>
> I am using a Barracuda, which is far cheaper, and has far fewer features
> than some of the other vendors like Radware, F5 and Cisco LocalDirector.
> I will find out if there is a way for the Barracuda to let apache
> know its current offload status so it can differentiate between each
> request.
>
> Matt
>
>
> -----Original Message-----
> From: Brian A. Seklecki [mailto:lavalamp@xxxxxxxxxxxxxxxxxxxxxx]
> Sent: Friday, November 23, 2007 5:36 PM
> To: Eric Covener
> Cc: users@xxxxxxxxxxxxxxxx
> Subject: Re:  Redirect to HTTPS using Load Balancer/SSL Offload
>
>
> Radware has some nice header rewriting features in its SSL accelerator
> package.
>
> ~BAS
>
> On Fri, 23 Nov 2007, Eric Covener wrote:
>
>> Date: Fri, 23 Nov 2007 20:25:30 -0500
>> From: Eric Covener <covener@xxxxxxxxx>
>> Reply-To: users@xxxxxxxxxxxxxxxx
>> To: users@xxxxxxxxxxxxxxxx
>> Subject: Re:  Redirect to HTTPS using Load Balancer/SSL Offload
>>
>> On Nov 23, 2007 7:59 PM, Matt Bullock <mbullock@xxxxxxxxx> wrote:
>>> Thanks for the reply.  The redirect loops the requested page never
>>> comes up.  The log prints the same thing over and over.
>>
>> You said the LB does SSL offload. You haven't given apache any way to
>> distinguish when someone hits the LB via http or https, so it
>> redirects in both cases.    Maybe your LB sets some additional header
>> in the case it handled SSL?
>>
>>
>> --
>> Eric Covener
>> covener@xxxxxxxxx
>>
>> ---------------------------------------------------------------------
>> The official User-To-User support forum of the Apache HTTP Server Project.
>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
>>   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
>> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
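The approach suggested in the thread (have the load balancer mark requests it received over SSL, and make the redirect conditional on that mark), written out as an added example that is not from any of the posters. It assumes the balancer sets an `X-Forwarded-Proto` header on every forwarded request and reaches Apache from 192.0.2.10; both the header name and the address are placeholders to replace with what the device actually sends.

```apache
# Added example, not part of the original thread.
# Assumptions (placeholders): the balancer adds "X-Forwarded-Proto: https"
# when it terminated SSL for the client, and its back-end address is
# 192.0.2.10 (documentation range).

<VirtualHost *:80>
    ServerName www.domain.com

    # Accept requests only from the balancer. If clients could reach this
    # vhost directly they could send "X-Forwarded-Proto: https" themselves
    # and be served over plain HTTP without ever being redirected.
    # (Apache 2.4 syntax; on 2.2 use Order/Deny/Allow from 192.0.2.10.)
    <Location "/">
        Require ip 192.0.2.10
    </Location>

    RewriteEngine On

    # Looping form: with SSL offload the balancer-to-Apache leg is always
    # plain HTTP on port 80, so this is true for every request, including
    # the one that arrives after the redirect.
    #   RewriteCond %{SERVER_PORT} !=443

    # Conditional form: redirect only when the balancer did not report a
    # TLS client connection. A missing header compares as an empty string,
    # so unmarked requests are still redirected.
    RewriteCond %{HTTP:X-Forwarded-Proto} !=https [NC]
    RewriteCond %{REQUEST_URI} ^/scripts/vendor/new_fmpackage\.php$
    RewriteRule ^ https://www.domain.com%{REQUEST_URI} [R=301,L]
</VirtualHost>
```

If the balancer does not add the header on its HTTPS listener, the loop returns, and the balancer should overwrite any client-supplied copy of the header rather than pass it through.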


