Hey guys (and gals) - Let me first start out with an overall description of what I hope to accomplish, then talk about what I've spent all day doing. Hopefully someone can tell me what I'm doing wrong. I have a requirement for a staging site to force users to SSL for a particular CGI script. I'm not running mod_ssl on Apache, rather SSL is provided externally by stunnel (which decrypts traffic and then passes it on). The reason that this is done is to remain as close to our production configurations as conceivable in staging (in production, SSL is handled by a hardware accelerator). So here's a picture of my setup (apologies for the horrid artwork): ------------ | User | ------------ | | | ------------ | haproxy | | port 80 | ------------ | | | |------------| | Apache |----------|---------| | port 56153 | | Redirect| -------------- | to SSL | | ----------- | | | | | |---------| | | stunnel | | |---------| | | | | | |---------| | | | |------------------| haproxy | | port 81 | | | ----------- You'll notice that both SSL and non-SSL talk to the same Apache vhost. I have the following mod_rewrite rules in place: RewriteEngine On # redirects to secure site #RewriteRule ^/$ https://somehwere.com/cgi-bin/mt.cgi [R,L] RewriteLog logs/rewrite.log RewriteLogLevel 5 RewriteCond %{REQUEST_URI} ^/cgi-bin(.*)$ RewriteCond %{SERVER_PORT} !^81$ RewriteRule (.*)$ https://somewhere.com$1 [R,L] However, as can be evidenced by the following snippet from the rewrite.log, it appears that %{SERVER_PORT} is always evaluating to 80, even though port 80 is nowhere in the path of the request after redirecting to SSL. I've verified by directly going to the webserver on port 56153 that the value is as expected, as well as directly through haproxy on port 81 (it correctly evaluates to 56153 and 81, respectively). This snippet is from a request that went to port 81 on haproxy via port 443 decrypted by stunnel. 165.193.222.20 - - [11/Jan/2010:17:23:56 +0000] [somewhere.com/sid#4f06840][rid#4f94f88/initial] (2) init rewrite engine with requested uri /cgi-bin/mt.cgi 165.193.222.20 - - [11/Jan/2010:17:23:56 +0000] [somewhere.com/sid#4f06840][rid#4f94f88/initial] (3) applying pattern '^/$' to uri '/cgi-bin/mt.cgi' 165.193.222.20 - - [11/Jan/2010:17:23:56 +0000] [somewhere.com/sid#4f06840][rid#4f94f88/initial] (3) applying pattern '(.*)$' to uri '/cgi-bin/mt.cgi' 165.193.222.20 - - [11/Jan/2010:17:23:56 +0000] [somewhere.com/sid#4f06840][rid#4f94f88/initial] (4) RewriteCond: input='/cgi-bin/mt.cgi' pattern='^/cgi-bin(.*)$' => matched 165.193.222.20 - - [11/Jan/2010:17:23:56 +0000] [somewhere.com/sid#4f06840][rid#4f94f88/initial] (4) RewriteCond: input='80' pattern='!^81$' => matched 165.193.222.20 - - [11/Jan/2010:17:23:56 +0000] [somewhere.com/sid#4f06840][rid#4f94f88/initial] (2) rewrite '/cgi-bin/mt.cgi' -> 'https://somewhere.com/cgi-bin/mt.cgi' 165.193.222.20 - - [11/Jan/2010:17:23:56 +0000] [somewhere.com/sid#4f06840][rid#4f94f88/initial] (2) explicitly forcing redirect with https://somewhere.com/cgi-bin/mt.cgi 165.193.222.20 - - [11/Jan/2010:17:23:56 +0000] [somewhere.com/sid#4f06840][rid#4f94f88/initial] (1) escaping https://somewhere.com/cgi-bin/mt.cgi for redirect 165.193.222.20 - - [11/Jan/2010:17:23:56 +0000] [somewhere.com/sid#4f06840][rid#4f94f88/initial] (1) redirect to https://somewhere.com/cgi-bin/mt.cgi [REDIRECT/302] 165.193.222.20 - - [11/Jan/2010:17:23:56 +0000] [somewhere.com/sid#4f06840][rid#4f99aa8/initial/redir#1] (2) init rewrite engine with requested uri /302.html 165.193.222.20 - - [11/Jan/2010:17:23:56 +0000] [somewhere.com/sid#4f06840][rid#4f99aa8/initial/redir#1] (3) applying pattern '^/$' to uri '/302.html' 165.193.222.20 - - [11/Jan/2010:17:23:56 +0000] [somewhere.com/sid#4f06840][rid#4f99aa8/initial/redir#1] (3) applying pattern '(.*)$' to uri '/302.html' 165.193.222.20 - - [11/Jan/2010:17:23:56 +0000] [somewhere.com/sid#4f06840][rid#4f99aa8/initial/redir#1] (4) RewriteCond: input='/302.html' pattern='^/cgi-bin(.*)$' => not-matched 165.193.222.20 - - [11/Jan/2010:17:23:56 +0000] [somewhere.com/sid#4f06840][rid#4f99aa8/initial/redir#1] (1) pass through /302.html I'm at a complete loss as to what I've done wrong here, or where port 80 is even coming from. Thanks in advance for any help that you can give -Jon --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx