On 11/13/12 3:49 AM, Luca Rea wrote:
Hi,
I suppose there is a forced redirect from http to https of login page, if you
have ATS SSL termination you should disable the https redirect of web server or
apps.
Fwiw, one little "tip" here. I had a similar problem with my Drupal setup,
and I solved it by injecting a header in ATS, which HTTPD can use (in fact,
Drupal supports it). I have it outlined in http://www.ogre.com/node/430, but
the general idea is:
1) Use the header_filter plugin in ATS, to inject a header X-Forwarded-Proto
map https://ogre.com http://ogre.com:82 @plugin=header_filter.so
@pparam=ssl-header.conf
where ssl-header.conf contains
[SEND_REQUEST_HDR]
X-Forwarded-Proto =https=
2) In addition to Drupal honoring this header, I also make an exception in
my httpd config, which I do to force /user URLs to be HTTPS:
RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} !=https
RewriteRule ^/user https://www.ogre.com$0 [R]
-- Leif
