sorry i made a mistake when I wrote the URL's before basically
this is what the client gets after the POST http://mydomain.com/lsw/clientele/ses/pagePersonnelle.jsp?Mouftah=VXV744A9SVZMU9P rather then getting https://mydomain.com/lsw/clientele/ses/pagePersonnelle.jsp?Mouftah=VXV744A9SVZMU9P I copy pasted the info from my httpd.conf to my ssl.conf file and it SEEMS to work. But how do I preserve cookies if the Preserver host directive is disabled. Take note that when I enable that option, everything that is backend http stops working.... thx On Thu, Apr 22, 2010 at 10:03 AM, GB GB <gbcy...@gmail.com> wrote: > I dont know why, but when I copy paste my virtualhost info from > httpd.conf and put in ssl.conf like you it works??!! > > thx > > On Thu, Apr 22, 2010 at 9:01 AM, Mauri <lai...@gmail.com> wrote: >> >> u can investigate on the version. I have this: httpd-2.2.3-31 >> >> Please see at ssl.conf top: >> ================================================ >> LoadModule ssl_module modules/mod_ssl.so >> LoadFile /usr/lib/libxml2.so >> LoadModule proxy_html_module modules/mod_proxy_html.so >> LoadModule xml2enc_module modules/mod_xml2enc.so >> ================================================ >> >> have u load this module? >> >> >> 2010/4/22 GB GB <gbcy...@gmail.com> >>> >>> The version I am using is >>> Server version: Apache/2.0.54 >>> Server built: Sep 23 2005 15:28:48 >>> >>> ProxyHTMLURLMap doesn't work with what I am using..... >>> >>> >>> On Thu, Apr 22, 2010 at 8:32 AM, Mauri <lai...@gmail.com> wrote: >>> > Hi GB. >>> > >>> > I have a similar solution. >>> > >>> > Client --> https://mysite.com --> proxy --> http://backend. >>> > >>> > the url in the client broswer is https://mysite.com. >>> > >>> > this is my /etc/httpd/conf.d/ssl.conf: >>> > >>> > >>> > >>> > LoadModule ssl_module modules/mod_ssl.so >>> > LoadFile /usr/lib/libxml2.so >>> > LoadModule proxy_html_module modules/mod_proxy_html.so >>> > LoadModule xml2enc_module modules/mod_xml2enc.so >>> > Listen 443 >>> > AddType application/x-x509-ca-cert .crt >>> > AddType application/x-pkcs7-crl .crl >>> > SSLPassPhraseDialog builtin >>> > SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000) >>> > SSLSessionCacheTimeout 300 >>> > SSLMutex default >>> > SSLRandomSeed startup file:/dev/urandom 256 >>> > SSLRandomSeed connect builtin >>> > SSLCryptoDevice builtin >>> > >>> > NameVirtualHost mysite.com:443 >>> > <VirtualHost mysite.com:443> >>> > ServerName mysite.com >>> > ProxyRequests off >>> > ProxyPass / https://10.173.90.167:8443/ >>> > ProxyHTMLURLMap https://10.173.90.167:8443 / >>> > <Location /> >>> > ProxyPassReverse https://10.173.90.167:8443/ >>> > ProxyHTMLEnable On >>> > ProxyHTMLURLMap / / >>> > RequestHeader unset Accept-Encoding >>> > </Location> >>> > >>> > SSLEngine on >>> > SSLProxyEngine on >>> > SSLProtocol all -SSLv2 >>> > SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW >>> > SSLCertificateFile /etc/httpd/cert/IT_Global_Alternative.cer >>> > SSLCertificateKeyFile /etc/httpd/cert/IT_Global_Alternative.key >>> > SSLCertificateChainFile /etc/httpd/cert/IT_Global_CA.cer >>> > >>> > <Files ~ "\.(cgi|shtml|phtml|php3?)$"> >>> > SSLOptions +StdEnvVars >>> > </Files> >>> > <Directory "/var/www/cgi-bin"> >>> > SSLOptions +StdEnvVars >>> > </Directory> >>> > SetEnvIf User-Agent ".*MSIE.*" \ >>> > nokeepalive ssl-unclean-shutdown \ >>> > downgrade-1.0 force-response-1.0 >>> > CustomLog logs/ssl_request_log \ >>> > "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" >>> > </VirtualHost> >>> > >>> > >>> > >>> > >>> > >>> > >>> > 2010/4/22 GB GB <gbcy...@gmail.com> >>> >> >>> >> Basically what goes on when the user types in https://mydomain.com/lsw >>> >> he gets an authentification page from the backend application. Once he >>> >> enters his credentials, I notice a POST in the apache logs. >>> >> >>> >> This is what the user types in: >>> >> https://mydomain.com/lsw/clientele/gen/authentification.jsp >>> >> he enters his credentials, then a POST appears in the log : >>> >> POST /lsw/clientele/gen/authentification.jsp HTTP/1.1" 302 >>> >> >>> >> and in the browser I get the following: The connection has timed out >>> >> >>> >> >>> >> >>> >> http://backend2.ca/lsw/clientele/ses/pagePersonnelle.jsp?Mouftah=VXV744A9SVZMU9P >>> >> >>> >> the above link doesn't work because its http rather than https!! >>> >> >>> >> If I add the "s" manually >>> >> >>> >> >>> >> https://backend2.ca/lsw/clientele/ses/pagePersonnelle.jsp?Mouftah=VXV744A9SVZMU9P >>> >> then it works. >>> >> >>> >> 1)So how can I force the protocole to remain https once the client >>> >> does a POST..... >>> >> 2)I have noticed in many examples that people use PreserveHost on, in >>> >> my case, if activate >>> >> PreserveHost on then I cant even get the first page to work: >>> >> >>> >> Thx in advance >>> >> >>> >> >>> >> >>> >> >>> >> On Wed, Apr 21, 2010 at 4:56 AM, Krist van Besien >>> >> <krist.vanbes...@gmail.com> wrote: >>> >> > On Tue, Apr 20, 2010 at 6:41 PM, GB GB <gbcy...@gmail.com> wrote: >>> >> > >>> >> > >>> >> > >>> >> >> #this for some reason becomes http from client perspective >>> >> >> #PreserveHost on does not work with lsw, so I disabled it.... >>> >> >> RewriteRule ^/lsw(.*)$ http://backend2.ca:8082/lsw$1 >>> >> >> [NC,P,L] >>> >> >> ProxyPassReverse /lsw http://backend2.ca:8082/lsw >>> >> >> Redirect permanent /lsw https://mydomain.com/lsw >>> >> > >>> >> > First of all: Remove the "Redirect Permanent". It's not needed (as >>> >> > this virtualhost only gets https requests anyway) and confuses. If >>> >> > you >>> >> > want to make sure that people who accidentaly land on the http site >>> >> > get redirected to https you need to put a redirect in the http >>> >> > virtual >>> >> > host. >>> >> > >>> >> > Secondly: Look at what your backend produces. It is very well >>> >> > possible >>> >> > that it passes html pages back to the client that contain http:// >>> >> > style URLs. RewriteRule only operates on request URLs, >>> >> > ProxyPassReverse only on redirects passed back. The content passed >>> >> > back by the backend is not modified. >>> >> > >>> >> > HTH, >>> >> > >>> >> > Krist >>> >> > >>> >> > -- >>> >> > krist.vanbes...@gmail.com >>> >> > kr...@vanbesien.org >>> >> > Bremgarten b. Bern, Switzerland >>> >> > -- >>> >> > A: It reverses the normal flow of conversation. >>> >> > Q: What's wrong with top-posting? >>> >> > A: Top-posting. >>> >> > Q: What's the biggest scourge on plain text email discussions? >>> >> > >>> >> > --------------------------------------------------------------------- >>> >> > The official User-To-User support forum of the Apache HTTP Server >>> >> > Project. >>> >> > See <URL:http://httpd.apache.org/userslist.html> for more info. >>> >> > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org >>> >> > " from the digest: users-digest-unsubscr...@httpd.apache.org >>> >> > For additional commands, e-mail: users-h...@httpd.apache.org >>> >> > >>> >> > >>> >> >>> >> --------------------------------------------------------------------- >>> >> The official User-To-User support forum of the Apache HTTP Server >>> >> Project. >>> >> See <URL:http://httpd.apache.org/userslist.html> for more info. >>> >> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org >>> >> " from the digest: users-digest-unsubscr...@httpd.apache.org >>> >> For additional commands, e-mail: users-h...@httpd.apache.org >>> >> >>> > >>> > >>> >>> --------------------------------------------------------------------- >>> The official User-To-User support forum of the Apache HTTP Server Project. >>> See <URL:http://httpd.apache.org/userslist.html> for more info. >>> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org >>> " from the digest: users-digest-unsubscr...@httpd.apache.org >>> For additional commands, e-mail: users-h...@httpd.apache.org >>> >> >> > --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
