Re: Rewrite rule with F5 redirect to https

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Jeff,

Thank you so much for your comments.   I have resolve the issues.
I have review F5 and Apache configuration and you are right, it should 
work fine with the configuration that I have.  The problem I have was with
the AppAmor access for the maintenance directory.  As soon as I enable the 
/srv/www/maintenace in the AppAmor everything work fine.

Thanks again for the respond.

Best Regards,

Y


----- Original Message -----
From: "Jeff McAdams" <jeffm@xxxxxxxxx>
To: users@xxxxxxxxxxxxxxxx
Sent: Thursday, October 2, 2008 1:55:38 PM (GMT-0500) America/New_York
Subject: Re:  Rewrite rule with F5 redirect to https

Yoom Nguyen wrote:
> I have this rewrite rule implemented and it will work fine if I access to Apache
> web server directly.   But, if the traffic route to a load balancer (F5) then to the Apache server
> it won't work.  The browser will trying to open the maintenance.html page and nothing will display and 
> it won't give any error either.

> Here is what the load balancer F5 does, F5 perform a https server for the Apache server.
> So any traffic reply from Apache on port 80 will be display on port 443 on the end user's browser.

> Is there a way to change the RewriteCond or RewriteRule to accommodate the Https issues???

You basically have two options:
- You can change the RewriteRule to be a full URL so you end up with
something like

RewriteRule ^(.*)$ https://<hostname>/maintenance.html [R=302,NC,L]

Or, you can, in the F5 Big-IP, in the http profile you use on the
virtual server, you can set the "Redirect Rewrite" pulldown to either
"Matching" or "All"

The Redirect Rewrite in the F5 Big-IP will alter redirects being sent
back out from back-end servers (such as Apache in your case) that don't
know the connection really came in on an HTTPS connection so that the
scheme that is sent back for the Location: is https instead of plain http.

We use the http profile in the F5 Big-IP to do it, and it works great.

> The below syntax was recommended by Eric Covener? and it works for going direct to Apache but not going through 
> the F5 load balancer. 
> 
> 
>        DocumentRoot /srv/www/maintenance/
> 
>         # Rewrite Rules
>         RewriteEngine on
>         RewriteCond %{REQUEST_URI} !=/maintenance.html
> 
> # Apache log files and location
>         ErrorLog /var/log/apache2/maintenance.error_log
>         CustomLog /var/log/apache2/maintenance.access_log combined
> 
>         # Redirect rule
>         RewriteRule ^(.*)$ /maintenance.html [R=302,NC,L]
> 
> #########  Local server landing page #########################
>         <Directory "/srv/www/maintenance/">
>         Options None
>         Order allow,deny
>         Allow from all
>         </Directory>
> 
> 
> Thanks much,
> 
> Y
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
>    "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
> 


-- 
Jeff McAdams
"They that can give up essential liberty to obtain a
little temporary safety deserve neither liberty nor safety."
                                       -- Benjamin Franklin


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx


[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux