The version I am using is
Server version: Apache/2.0.54
Server built: Sep 23 2005 15:28:48
ProxyHTMLURLMap doesn't work with what I am using.....
On Thu, Apr 22, 2010 at 8:32 AM, Mauri <lain80@xxxxxxxxx> wrote:
> Hi GB.
>
> I have a similar solution.
>
> Client --> https://mysite.com --> proxy --> http://backend.
>
> the url in the client broswer is https://mysite.com.
>
> this is my /etc/httpd/conf.d/ssl.conf:
>
>
>
> LoadModule ssl_module modules/mod_ssl.so
> LoadFile /usr/lib/libxml2.so
> LoadModule proxy_html_module modules/mod_proxy_html.so
> LoadModule xml2enc_module modules/mod_xml2enc.so
> Listen 443
> AddType application/x-x509-ca-cert .crt
> AddType application/x-pkcs7-crl .crl
> SSLPassPhraseDialog builtin
> SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
> SSLSessionCacheTimeout 300
> SSLMutex default
> SSLRandomSeed startup file:/dev/urandom 256
> SSLRandomSeed connect builtin
> SSLCryptoDevice builtin
>
> NameVirtualHost mysite.com:443
> <VirtualHost mysite.com:443>
> ServerName mysite.com
> ProxyRequests off
> ProxyPass / https://10.173.90.167:8443/
> ProxyHTMLURLMap https://10.173.90.167:8443 /
> <Location />
> ProxyPassReverse https://10.173.90.167:8443/
> ProxyHTMLEnable On
> ProxyHTMLURLMap / /
> RequestHeader unset Accept-Encoding
> </Location>
>
> SSLEngine on
> SSLProxyEngine on
> SSLProtocol all -SSLv2
> SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
> SSLCertificateFile /etc/httpd/cert/IT_Global_Alternative.cer
> SSLCertificateKeyFile /etc/httpd/cert/IT_Global_Alternative.key
> SSLCertificateChainFile /etc/httpd/cert/IT_Global_CA.cer
>
> <Files ~ "\.(cgi|shtml|phtml|php3?)$">
> SSLOptions +StdEnvVars
> </Files>
> <Directory "/var/www/cgi-bin">
> SSLOptions +StdEnvVars
> </Directory>
> SetEnvIf User-Agent ".*MSIE.*" \
> nokeepalive ssl-unclean-shutdown \
> downgrade-1.0 force-response-1.0
> CustomLog logs/ssl_request_log \
> "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
> </VirtualHost>
>
>
>
>
>
>
> 2010/4/22 GB GB <gbcyoyo@xxxxxxxxx>
>>
>> Basically what goes on when the user types in https://mydomain.com/lsw
>> he gets an authentification page from the backend application. Once he
>> enters his credentials, I notice a POST in the apache logs.
>>
>> This is what the user types in:
>> https://mydomain.com/lsw/clientele/gen/authentification.jsp
>> he enters his credentials, then a POST appears in the log :
>> POST /lsw/clientele/gen/authentification.jsp HTTP/1.1" 302
>>
>> and in the browser I get the following: The connection has timed out
>>
>>
>> http://backend2.ca/lsw/clientele/ses/pagePersonnelle.jsp?Mouftah=VXV744A9SVZMU9P
>>
>> the above link doesn't work because its http rather than https!!
>>
>> If I add the "s" manually
>>
>> https://backend2.ca/lsw/clientele/ses/pagePersonnelle.jsp?Mouftah=VXV744A9SVZMU9P
>> then it works.
>>
>> 1)So how can I force the protocole to remain https once the client
>> does a POST.....
>> 2)I have noticed in many examples that people use PreserveHost on, in
>> my case, if activate
>> PreserveHost on then I cant even get the first page to work:
>>
>> Thx in advance
>>
>>
>>
>>
>> On Wed, Apr 21, 2010 at 4:56 AM, Krist van Besien
>> <krist.vanbesien@xxxxxxxxx> wrote:
>> > On Tue, Apr 20, 2010 at 6:41 PM, GB GB <gbcyoyo@xxxxxxxxx> wrote:
>> >
>> >
>> >
>> >> #this for some reason becomes http from client perspective
>> >> #PreserveHost on does not work with lsw, so I disabled it....
>> >> RewriteRule ^/lsw(.*)$ http://backend2.ca:8082/lsw$1
>> >> [NC,P,L]
>> >> ProxyPassReverse /lsw http://backend2.ca:8082/lsw
>> >> Redirect permanent /lsw https://mydomain.com/lsw
>> >
>> > First of all: Remove the "Redirect Permanent". It's not needed (as
>> > this virtualhost only gets https requests anyway) and confuses. If you
>> > want to make sure that people who accidentaly land on the http site
>> > get redirected to https you need to put a redirect in the http virtual
>> > host.
>> >
>> > Secondly: Look at what your backend produces. It is very well possible
>> > that it passes html pages back to the client that contain http://
>> > style URLs. RewriteRule only operates on request URLs,
>> > ProxyPassReverse only on redirects passed back. The content passed
>> > back by the backend is not modified.
>> >
>> > HTH,
>> >
>> > Krist
>> >
>> > --
>> > krist.vanbesien@xxxxxxxxx
>> > krist@xxxxxxxxxxxxx
>> > Bremgarten b. Bern, Switzerland
>> > --
>> > A: It reverses the normal flow of conversation.
>> > Q: What's wrong with top-posting?
>> > A: Top-posting.
>> > Q: What's the biggest scourge on plain text email discussions?
>> >
>> > ---------------------------------------------------------------------
>> > The official User-To-User support forum of the Apache HTTP Server
>> > Project.
>> > See <URL:http://httpd.apache.org/userslist.html> for more info.
>> > To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
>> > " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
>> > For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
>> >
>> >
>>
>> ---------------------------------------------------------------------
>> The official User-To-User support forum of the Apache HTTP Server Project.
>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
>> " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
>> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
>>
>
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
" from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|