Hello, I am trying to configure my proxy to be able to accept HTTPS and forward requests to backend server which is in HTTP
user-->(https://mydomain.com/abc)---------ssl: [reverse proxy]:http--------------->http://backend.ca/8082/abc I want to preserve the URL as https//mydomain.com/abc. I looked at my firewall logs and noticed 6 https sessions and one http. The http session is what is not working in my rewriting I presume. My goal is to preserve https protocol client side, although the backend is in http..... Also, when I use Preserverhost on when using https to http, it fails right away BUT https to https works good. Thx here is my config file User nobody Group nobody ServerAdmin xxxxxxxxxxxx...@xxxxxxxxxxxxx ServerName mydomain.com UseCanonicalName Off ServerSignature Off HostnameLookups Off SecServerSignature "Serveur-Web/1.0" ServerRoot "/usr/apache2" DocumentRoot "/var/apache2/htdocs" PidFile /var/apache2/logs/httpd.pid ScoreBoardFile /var/apache2/logs/httpd.scoreboard Listen 80 Timeout 60 KeepAlive On MaxKeepAliveRequests 100 KeepAliveTimeout 15 <IfModule prefork.c> MinSpareServers 10 MaxSpareServers 20 StartServers 10 MaxClients 256 MaxRequestsPerChild 0 </IfModule> <IfModule worker.c> StartServers 2 MaxClients 250 MinSpareThreads 25 MaxSpareThreads 75 ThreadsPerChild 25 </IfModule> LimitRequestBody 10240 LimitRequestFields 40 LimitRequestFieldsize 1500 LimitRequestline 500 CoreDumpDirectory /var/apache2/logs <Directory /> Options None AllowOverride None Order deny,allow Deny from all </Directory> <Directory "/var/apache2/htdocs"> Order allow,deny Allow from all </Directory> <Directory "/www"> Order allow,deny Allow from all </Directory> <IfModule mod_mime.c> TypesConfig /etc/apache2/mime.types </IfModule> DefaultType text/plain <IfModule mod_mime.c> AddEncoding x-compress .Z AddEncoding x-gzip .gz .tgz AddType application/x-compress .Z AddType application/x-gzip .gz .tgz AddType application/x-tar .tgz AddType application/x-x509-ca-cert .crt AddType application/x-pkcs7-crl .crl </IfModule> LogLevel notice ErrorLog syslog:local7 LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined LogFormat "%h %l %u %t \"%r\" %>s %b" common LogFormat "%{Referer}i -> %U" referer LogFormat "%{User-agent}i" agent ErrorLog /var/apache2/logs/error_log CustomLog /var/apache2/logs/access_log combined <IfDefine SSL> LoadModule ssl_module modules/mod_ssl.so </IfDefine> <IfModule mod_ssl.c> Include /etc/apache2/ssl.conf </IfModule> RewriteEngine on RewriteLog /var/apache2/logs/rewrite.log RewriteLogLevel 2 RewriteCond %{SERVER_PROTOCOL} !^https [NC] RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301,QSA] NameVirtualHost 10.6.3.205:443 NameVirtualHost 10.6.3.103:443 <IfModule mod_ssl.c> <VirtualHost 10.6.3.205:443> ServerName mydomain1.com ServerAlias mydomain1 ProxyBadHeader Ignore ProxyRequests Off ProxyPreserveHost On RewriteEngine On SSLProxyEngine on DocumentRoot "/var/apache2/htdocs" ProxyPass https://mydomain1.com/ https://backend3.ca:44322/ ProxyPass / https://backend3.ca:44322/ ProxyPassReverse https://backend3.ca:44322/ https://mydomain1.com/ LogLevel info ErrorLog /var/apache2/logs/mydomain1.com.error.log TransferLog /var/apache2/logs/mydomain1.com.access.log RewriteLogLevel 0 RewriteLog /var/apache2/logs/mydomain1.com.rewrite.log </VirtualHost> <VirtualHost 10.6.3.103:443> ServerName mydomain.com ServerAlias mydomain ProxyBadHeader Ignore ProxyRequests Off RewriteEngine On SSLProxyEngine on RewriteEngine on RewriteRule ^/lsw2(.*)$ https://backend1.sap.ca:26961/lsw2/$1 [NC,P,L] # this works #this for some reason becomes http from client perspective #PreserveHost on does not work with lsw, so I disabled it.... RewriteRule ^/lsw(.*)$ http://backend2.ca:8082/lsw$1 [NC,P,L] ProxyPassReverse /lsw http://backend2.ca:8082/lsw Redirect permanent /lsw https://mydomain.com/lsw LogLevel info ErrorLog /var/apache2/logs/mydomain.com.error.log TransferLog /var/apache2/logs/mydomain.com.access.log RewriteLogLevel 0 RewriteLog /var/apache2/logs/mydomain.com.rewrite.log </VirtualHost> </IfModule> LoadModule security_module modules/mod_security.so SecFilterEngine On SecFilterCheckURLEncoding On SecFilterCheckUnicodeEncoding On SecFilter hidden SecFilterForceByteRange 32 126 SecAuditEngine RelevantOnly SecAuditLog /var/apache2/logs/audit_log SecFilterDebugLog /var/apache2/logs/modsec_debug_log SecFilterDebugLevel 0 SecFilterDefaultAction "deny,log,status:500" SecFilterSelective HTTP_Transfer-Encoding "!^$" SecFilter /etc/passwd SecFilterSelective ARGS "bin/" SecFilterSelective ARGS "^(.*)[][\"|\#|\^|\{|\}|<|\||\`|>|\@|\$|\*](.*)$" SecFilter "delete[[:space:]]+from" SecFilter "insert[[:space:]]+into" SecFilter "select.+from" --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
