The version I am using is Server version: Apache/2.0.54 Server built: Sep 23 2005 15:28:48
ProxyHTMLURLMap doesn't work with what I am using..... On Thu, Apr 22, 2010 at 8:32 AM, Mauri <lai...@gmail.com> wrote: > Hi GB. > > I have a similar solution. > > Client --> https://mysite.com --> proxy --> http://backend. > > the url in the client broswer is https://mysite.com. > > this is my /etc/httpd/conf.d/ssl.conf: > > > > LoadModule ssl_module modules/mod_ssl.so > LoadFile /usr/lib/libxml2.so > LoadModule proxy_html_module modules/mod_proxy_html.so > LoadModule xml2enc_module modules/mod_xml2enc.so > Listen 443 > AddType application/x-x509-ca-cert .crt > AddType application/x-pkcs7-crl .crl > SSLPassPhraseDialog builtin > SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000) > SSLSessionCacheTimeout 300 > SSLMutex default > SSLRandomSeed startup file:/dev/urandom 256 > SSLRandomSeed connect builtin > SSLCryptoDevice builtin > > NameVirtualHost mysite.com:443 > <VirtualHost mysite.com:443> > ServerName mysite.com > ProxyRequests off > ProxyPass / https://10.173.90.167:8443/ > ProxyHTMLURLMap https://10.173.90.167:8443 / > <Location /> > ProxyPassReverse https://10.173.90.167:8443/ > ProxyHTMLEnable On > ProxyHTMLURLMap / / > RequestHeader unset Accept-Encoding > </Location> > > SSLEngine on > SSLProxyEngine on > SSLProtocol all -SSLv2 > SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW > SSLCertificateFile /etc/httpd/cert/IT_Global_Alternative.cer > SSLCertificateKeyFile /etc/httpd/cert/IT_Global_Alternative.key > SSLCertificateChainFile /etc/httpd/cert/IT_Global_CA.cer > > <Files ~ "\.(cgi|shtml|phtml|php3?)$"> > SSLOptions +StdEnvVars > </Files> > <Directory "/var/www/cgi-bin"> > SSLOptions +StdEnvVars > </Directory> > SetEnvIf User-Agent ".*MSIE.*" \ > nokeepalive ssl-unclean-shutdown \ > downgrade-1.0 force-response-1.0 > CustomLog logs/ssl_request_log \ > "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" > </VirtualHost> > > > > > > > 2010/4/22 GB GB <gbcy...@gmail.com> >> >> Basically what goes on when the user types in https://mydomain.com/lsw >> he gets an authentification page from the backend application. Once he >> enters his credentials, I notice a POST in the apache logs. >> >> This is what the user types in: >> https://mydomain.com/lsw/clientele/gen/authentification.jsp >> he enters his credentials, then a POST appears in the log : >> POST /lsw/clientele/gen/authentification.jsp HTTP/1.1" 302 >> >> and in the browser I get the following: The connection has timed out >> >> >> http://backend2.ca/lsw/clientele/ses/pagePersonnelle.jsp?Mouftah=VXV744A9SVZMU9P >> >> the above link doesn't work because its http rather than https!! >> >> If I add the "s" manually >> >> https://backend2.ca/lsw/clientele/ses/pagePersonnelle.jsp?Mouftah=VXV744A9SVZMU9P >> then it works. >> >> 1)So how can I force the protocole to remain https once the client >> does a POST..... >> 2)I have noticed in many examples that people use PreserveHost on, in >> my case, if activate >> PreserveHost on then I cant even get the first page to work: >> >> Thx in advance >> >> >> >> >> On Wed, Apr 21, 2010 at 4:56 AM, Krist van Besien >> <krist.vanbes...@gmail.com> wrote: >> > On Tue, Apr 20, 2010 at 6:41 PM, GB GB <gbcy...@gmail.com> wrote: >> > >> > >> > >> >> #this for some reason becomes http from client perspective >> >> #PreserveHost on does not work with lsw, so I disabled it.... >> >> RewriteRule ^/lsw(.*)$ http://backend2.ca:8082/lsw$1 >> >> [NC,P,L] >> >> ProxyPassReverse /lsw http://backend2.ca:8082/lsw >> >> Redirect permanent /lsw https://mydomain.com/lsw >> > >> > First of all: Remove the "Redirect Permanent". It's not needed (as >> > this virtualhost only gets https requests anyway) and confuses. If you >> > want to make sure that people who accidentaly land on the http site >> > get redirected to https you need to put a redirect in the http virtual >> > host. >> > >> > Secondly: Look at what your backend produces. It is very well possible >> > that it passes html pages back to the client that contain http:// >> > style URLs. RewriteRule only operates on request URLs, >> > ProxyPassReverse only on redirects passed back. The content passed >> > back by the backend is not modified. >> > >> > HTH, >> > >> > Krist >> > >> > -- >> > krist.vanbes...@gmail.com >> > kr...@vanbesien.org >> > Bremgarten b. Bern, Switzerland >> > -- >> > A: It reverses the normal flow of conversation. >> > Q: What's wrong with top-posting? >> > A: Top-posting. >> > Q: What's the biggest scourge on plain text email discussions? >> > >> > --------------------------------------------------------------------- >> > The official User-To-User support forum of the Apache HTTP Server >> > Project. >> > See <URL:http://httpd.apache.org/userslist.html> for more info. >> > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org >> > " from the digest: users-digest-unsubscr...@httpd.apache.org >> > For additional commands, e-mail: users-h...@httpd.apache.org >> > >> > >> >> --------------------------------------------------------------------- >> The official User-To-User support forum of the Apache HTTP Server Project. >> See <URL:http://httpd.apache.org/userslist.html> for more info. >> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org >> " from the digest: users-digest-unsubscr...@httpd.apache.org >> For additional commands, e-mail: users-h...@httpd.apache.org >> > > --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
