[users@httpd] Apache proxy problem with https/http and 302 redirects

Thu, 12 Apr 2007 13:29:14 -0700 

Greetings.  I am having a problem with the Apache Proxy directives.

Here is my setup:

CLIENT <--> Apache SSL <--> http proxy to tomcat server

A client comes in with an https:// request.  Apache receives that
request and proxies the connection to our backend tomcat server via
http.  The tomcat server sends back data.  Apache then sends that tomcat
data back to the client over the SSL connection.  This part works
perfectly.

However, when the tomcat server sends a 302 redirect (we're using
j_security_check), Apache is sending that redirect back to the client as
HTTP and not HTTPS, therefore triggering the CLIENT IE6/7 browser to
popup "Warning, you are about to enter an unsecure site...".

Has anyone else experienced this, or have ideas why the HTTPS connection
is being broken?

*Another note, when I switch to using a JkMount with
worker/properties/ajp, and do not use ProxyPass/ProxyPassReverse/http,
there is no problem.

Here are our configs:

httpd-ssl.conf
--------------
<VirtualHost 172.27.16.116:443>
        DocumentRoot "/usr/local/apache2/htdocs/MYSITE"
        ServerName www.MYSITE.com:443

        ...SSL STUFF...

        ProxyPreserveHost On

        ProxyPass /distrib/ http://172.27.162.132:8080/distrib/
        ProxyPassReverse /distrib/ http://172.27.162.132:8080/distrib/
        ProxyPass /content/ http://172.27.162.132:8080/content/
        ProxyPassReverse /content/ http://172.27.162.132:8080/content/

        #JkMount  /distrib/* worker1
        #JkMount  /content/* worker1
</VirtualHost>

Apache Version (64-bit)
-----------------------
Server version: Apache/2.2.4 (Unix)
Server built:   Feb 22 2007 11:00:07

Apache Build Configuration
--------------------------
--enable-modules=ssl rewrite proxy proxy-connect proxy-http
--with-mpm=worker

OS Information
--------------
Linux HOSTNAME.wrightexpress.com 2.6.9-42.ELsmp #1 SMP Wed Jul 12
23:32:02 EDT 2006 x86_64 x86_64 x86_64 GNU/Linux

Thanks for any help or ideas.

Scott Campbell
Web Systems Administrator
Wright Express
http://www.wrightexpress.com


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to