httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Clinton J. Campbell" <clinton.campb...@gmail.com>
Subject Re: [users@httpd] Apache modifies URL when offloading SSL
Date Fri, 29 Jun 2012 16:43:28 GMT
Thanks for the response.  I spent my time initially focusing on the proxy until I found similar
questions on the Squid mailing list that pointed to the backend server as the problem.  The
access logs for apache seem to correspond to what I described.  I just ran a test a moment
ago and this is final entry I see in the logs: 

10.0.0.6 - - [29/Jun/2012:01:31:41 -0500] "POST /administrator/index.php HTTP/1.0" 303 428
"https://www.mydomain.com/administrator/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:13.0)
Gecko/20100101 Firefox/13.0.1"

The connection was made via plain http, but the URI in the HTTP header is passed with the
https intact.  Monitoring in the browser, I can now see that it is receiving a 301 Moved Permanently
response.  I'm trying to configure the logs so that I can confirm whether this is generated
by Apache or not.  Any tips?

Clinton 


On Thursday, June 28, 2012 at 10:07 PM, Igor Cicimov wrote:

> Hmmm this
> 
> > - apache changes the url to http://www.mydomain.com/administrator/. (http://www.mydomain.com/administrator/)..

> 
> doesn't make sense to me in your scenario. Since you are offloading the SSL on the proxy
all the communication between the proxy and apache is over HTTP not SSL. So the request already
comes to apache as http://... Then Squid should send that back to the client via SSL. Looks
like reverse proxy issue to me. In apache as reverse proxy you need to have something like:

> 
> ProxyRequest off
> ProxyPass / http://apache/
> ProxyPassReverse / http://apache/
> 
> I'm not sure about Squid as I've never used it. 
> 
> Igor
> 
> On Fri, Jun 29, 2012 at 1:28 PM, Clinton J. Campbell <clinton.campbell@gmail.com (mailto:clinton.campbell@gmail.com)>
wrote:
> > I've been searching archives and other forums, and though I've found others who
have asked similar questions, I haven't found a solution yet.
> > 
> > I currently have an Apache server that sits behind a Squid Reverse Proxy. The Apache
server runs two virtual hosts, a Joomla website and a WebDav directory for file sharing with
customers. The Squid proxy serves several functions, including enforcing the requirement that
any sensitive pages are served to the user over SSL.
> > 
> > When running unencrypted, everything works fine. Squid forwards the request to Apache
and the response to the user. However, when the user tries to connect via SSL, things start
to fall apart behind the scenes. I'll illustrate with a typical scenario:
> > 
> > - user enters https://www.mydomain.com/administrator to access Joomla administration
page
> > - connection succeeds and user is presented with login page
> > - user enters credentials and submits
> > - apache changes the url to http://www.mydomain.com/administrator/...
> > - connection fails
> > 
> > In some cases, I can manually change the URL back and proceed to access most parts
of the site. Some functionality remains broken. Moreover, this problem completely breaks WebDav
access on Windows clients.
> > 
> > I've tried a variety of configurations on the proxy to work around or avoid the
problem; however, I've had no luck. The optimal solution would be to find a way to keep Apache
from rewriting the URL, but I've not been able to track down a configuration that accomplishes
this. Any suggestions?
> > 
> > Thanks in advance!
> > 
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org (mailto:users-unsubscribe@httpd.apache.org)
> > For additional commands, e-mail: users-help@httpd.apache.org (mailto:users-help@httpd.apache.org)
> 




---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message