Re: Reverse Proxy https to http

Sorry, I made a mistake when I wrote the URLs before.

basically

this is what the client gets after the POST
http://mydomain.com/lsw/clientele/ses/pagePersonnelle.jsp?Mouftah=VXV744A9SVZMU9P

rather than getting

https://mydomain.com/lsw/clientele/ses/pagePersonnelle.jsp?Mouftah=VXV744A9SVZMU9P

I copy-pasted the info from my httpd.conf to my ssl.conf file and it
SEEMS to work.
But how do I preserve cookies if the PreserveHost directive is disabled?
Take note that when I enable that option, everything that is backend
http stops working....

thx


On Thu, Apr 22, 2010 at 10:03 AM, GB GB <gbcyoyo@xxxxxxxxx> wrote:
> I don't know why, but when I copy-paste my virtualhost info from
> httpd.conf and put it in ssl.conf like you, it works??!!
>
> thx
>
> On Thu, Apr 22, 2010 at 9:01 AM, Mauri <lain80@xxxxxxxxx> wrote:
>>
>> You can investigate the version. I have this: httpd-2.2.3-31
>>
>> Please see the top of ssl.conf:
>> ================================================
>> LoadModule ssl_module modules/mod_ssl.so
>> LoadFile   /usr/lib/libxml2.so
>> LoadModule proxy_html_module modules/mod_proxy_html.so
>> LoadModule xml2enc_module modules/mod_xml2enc.so
>> ================================================
>>
>> Have you loaded this module?
>>
>>
>> 2010/4/22 GB GB <gbcyoyo@xxxxxxxxx>
>>>
>>> The version I am using is
>>> Server version: Apache/2.0.54
>>> Server built:   Sep 23 2005 15:28:48
>>>
>>>  ProxyHTMLURLMap doesn't work with what I am using.....
>>>
>>>
>>> On Thu, Apr 22, 2010 at 8:32 AM, Mauri <lain80@xxxxxxxxx> wrote:
>>> > Hi GB.
>>> >
>>> > I have a similar solution.
>>> >
>>> > Client --> https://mysite.com --> proxy --> http://backend.
>>> >
>>> > the url in the client browser is https://mysite.com.
>>> >
>>> > this is my /etc/httpd/conf.d/ssl.conf:
>>> >
>>> >
>>> >
>>> > LoadModule ssl_module modules/mod_ssl.so
>>> > LoadFile   /usr/lib/libxml2.so
>>> > LoadModule proxy_html_module modules/mod_proxy_html.so
>>> > LoadModule xml2enc_module modules/mod_xml2enc.so
>>> > Listen 443
>>> > AddType application/x-x509-ca-cert .crt
>>> > AddType application/x-pkcs7-crl    .crl
>>> > SSLPassPhraseDialog  builtin
>>> > SSLSessionCache         shmcb:/var/cache/mod_ssl/scache(512000)
>>> > SSLSessionCacheTimeout  300
>>> > SSLMutex default
>>> > SSLRandomSeed startup file:/dev/urandom  256
>>> > SSLRandomSeed connect builtin
>>> > SSLCryptoDevice builtin
>>> >
>>> > NameVirtualHost mysite.com:443
>>> > <VirtualHost mysite.com:443>
>>> > ServerName mysite.com
>>> > ProxyRequests off
>>> > ProxyPass / https://10.173.90.167:8443/
>>> > ProxyHTMLURLMap https://10.173.90.167:8443 /
>>> > <Location />
>>> >         ProxyPassReverse https://10.173.90.167:8443/
>>> >         ProxyHTMLEnable On
>>> >         ProxyHTMLURLMap  /      /
>>> >         RequestHeader    unset  Accept-Encoding
>>> > </Location>
>>> >
>>> > SSLEngine on
>>> > SSLProxyEngine on
>>> > SSLProtocol all -SSLv2
>>> > SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
>>> > SSLCertificateFile /etc/httpd/cert/IT_Global_Alternative.cer
>>> > SSLCertificateKeyFile /etc/httpd/cert/IT_Global_Alternative.key
>>> > SSLCertificateChainFile /etc/httpd/cert/IT_Global_CA.cer
>>> >
>>> > <Files ~ "\.(cgi|shtml|phtml|php3?)$">
>>> >     SSLOptions +StdEnvVars
>>> > </Files>
>>> > <Directory "/var/www/cgi-bin">
>>> >     SSLOptions +StdEnvVars
>>> > </Directory>
>>> > SetEnvIf User-Agent ".*MSIE.*" \
>>> >          nokeepalive ssl-unclean-shutdown \
>>> >          downgrade-1.0 force-response-1.0
>>> > CustomLog logs/ssl_request_log \
>>> >           "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
>>> > </VirtualHost>
>>> >
>>> >
>>> >
>>> >
>>> >
>>> >
>>> > 2010/4/22 GB GB <gbcyoyo@xxxxxxxxx>
>>> >>
>>> >> Basically what goes on when the user types in https://mydomain.com/lsw
>>> >> he gets an authentication page from the backend application. Once he
>>> >> enters his credentials, I notice a POST in the apache logs.
>>> >>
>>> >> This is what the user types in:
>>> >> https://mydomain.com/lsw/clientele/gen/authentification.jsp
>>> >> he enters his credentials, then a POST appears in the log :
>>> >> POST /lsw/clientele/gen/authentification.jsp HTTP/1.1" 302
>>> >>
>>> >> and in the browser I get the following: The connection has timed out
>>> >>
>>> >>
>>> >>
>>> >> http://backend2.ca/lsw/clientele/ses/pagePersonnelle.jsp?Mouftah=VXV744A9SVZMU9P
>>> >>
>>> >> the above link doesn't work because it's http rather than https!!
>>> >>
>>> >> If I add the "s" manually
>>> >>
>>> >>
>>> >> https://backend2.ca/lsw/clientele/ses/pagePersonnelle.jsp?Mouftah=VXV744A9SVZMU9P
>>> >>  then it works.
>>> >>
>>> >> 1) So how can I force the protocol to remain https once the client
>>> >> does a POST.....
>>> >> 2) I have noticed in many examples that people use PreserveHost on, in
>>> >> my case, if I activate PreserveHost on then I can't even get the
>>> >> first page to work:
>>> >>
>>> >> Thx in advance
>>> >>
>>> >>
>>> >>
>>> >>
>>> >> On Wed, Apr 21, 2010 at 4:56 AM, Krist van Besien
>>> >> <krist.vanbesien@xxxxxxxxx> wrote:
>>> >> > On Tue, Apr 20, 2010 at 6:41 PM, GB GB <gbcyoyo@xxxxxxxxx> wrote:
>>> >> >
>>> >> >
>>> >> >
>>> >> >> #this for some reason becomes http from client perspective
>>> >> >> #PreserveHost on does not work with lsw, so I disabled it....
>>> >> >> RewriteRule       ^/lsw(.*)$    http://backend2.ca:8082/lsw$1 [NC,P,L]
>>> >> >> ProxyPassReverse  /lsw          http://backend2.ca:8082/lsw
>>> >> >> Redirect permanent /lsw https://mydomain.com/lsw
>>> >> >
>>> >> > First of all: Remove the "Redirect Permanent". It's not needed (as
>>> >> > this virtualhost only gets https requests anyway) and confuses. If
>>> >> > you want to make sure that people who accidentally land on the http
>>> >> > site get redirected to https you need to put a redirect in the http
>>> >> > virtual host.
>>> >> >
>>> >> > Secondly: Look at what your backend produces. It is very well
>>> >> > possible that it passes html pages back to the client that contain
>>> >> > http:// style URLs. RewriteRule only operates on request URLs,
>>> >> > ProxyPassReverse only on redirects passed back. The content passed
>>> >> > back by the backend is not modified.
>>> >> >
>>> >> > HTH,
>>> >> >
>>> >> > Krist
>>> >> >
>>> >> > --
>>> >> > krist.vanbesien@xxxxxxxxx
>>> >> > krist@xxxxxxxxxxxxx
>>> >> > Bremgarten b. Bern, Switzerland
>>> >> > --
>>> >> > A: It reverses the normal flow of conversation.
>>> >> > Q: What's wrong with top-posting?
>>> >> > A: Top-posting.
>>> >> > Q: What's the biggest scourge on plain text email discussions?
>>> >> >
>>> >> > ---------------------------------------------------------------------
>>> >> > The official User-To-User support forum of the Apache HTTP Server
>>> >> > Project.
>>> >> > See <URL:http://httpd.apache.org/userslist.html> for more info.
>>> >> > To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
>>> >> >   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
>>> >> > For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
>>> >> >
>>> >> >
>>> >>
>>> >>
>>> >
>>> >
>>>
>>>
>>
>>
>

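
An added example, not part of the original thread: a simplified Python model of the redirect rewriting Krist describes for ProxyPassReverse, used to check which backend `Location` values would still send a client to plain http or to the backend host behind an https front end. The function names and verdict labels are hypothetical, and the token in the URLs is a constructed placeholder.

```python
from urllib.parse import urlsplit

# Mapping as in the thread: ProxyPassReverse /lsw http://backend2.ca:8082/lsw
MAPPINGS = [("/lsw", "http://backend2.ca:8082/lsw")]
FRONT_HOST = "mydomain.com"
# Path from the thread; the token value is a constructed placeholder.
PAGE = "/lsw/clientele/ses/pagePersonnelle.jsp?Mouftah=TOKEN"


def proxy_pass_reverse(location, front_scheme, mappings=MAPPINGS, front_host=FRONT_HOST):
    """Simplified model: prefix-match the backend URL, then rebuild the
    Location on the scheme and host of the vhost that served the request."""
    for front_path, backend_url in mappings:
        if location.lower().startswith(backend_url.lower()):
            rest = location[len(backend_url):]
            return f"{front_scheme}://{front_host}{front_path}{rest}"
    return location  # no mapping matched: the header passes through unchanged


def classify(location, front_scheme="https"):
    """Return (Location as the client sees it, verdict)."""
    final = proxy_pass_reverse(location, front_scheme)
    parts = urlsplit(final)
    if not parts.scheme:
        return final, "ok"                  # relative redirect stays on the front end
    if parts.netloc.lower() != FRONT_HOST:
        return final, "backend-leak"        # client is sent to the backend host
    if parts.scheme != front_scheme:
        return final, "scheme-downgrade"    # right host, but http instead of https
    return final, "ok"


# Constructed backend 302 Location values, modelled on the URLs in the thread.
SAMPLES = {
    "mapped": "http://backend2.ca:8082" + PAGE,   # matches the mapping exactly
    "no_port": "http://backend2.ca" + PAGE,       # port missing: prefix does not match
    "front_http": "http://mydomain.com" + PAGE,   # backend built it from the Host header
    "relative": PAGE,
}


def report():
    return {name: classify(loc) for name, loc in SAMPLES.items()}


if __name__ == "__main__":
    for name, (final, verdict) in report().items():
        print(f"{name:11} {verdict:17} {final}")
```

Only the first sample is rewritten; the other absolute URLs pass through untouched, which is why the backend's own redirect URLs need checking in addition to the proxy directives.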