It is perfectly normal for a backend that works with http to return internal Location headers with http.

If apache is the backend of some other reverse proxy it is the job of that reverse proxy to use the correct url scheme requested by the client, that is, to revert the location headers back to "https" where that behaviour is needed.

For instance, if the reverse proxy was Apache, it has a directive for that called ProxyPassReverse which does exactly that.

Have you tried to "address this" in the reverse proxy where SSL termination is?

2017-02-07 4:40 GMT+01:00 mjk <mj.kelleher@gmail.com>:
I have spent 8+hours scouring the web, reviewing the Apache Httpd Cookbook, the Definitive Reference, and the 2.2 documentation for mod_headers, mod_proxy and core.


CONFIGURATION:
Apache Version: 
Server version: Apache/2.2.15 (Unix)
Server built:   Jul 18 2016 15:24:00

SSL offloading happens before the requests gets to Apache, which proxies http traffic to Apache on port 80.

The Apache VirtualHost config in question does not have a ServerName or ServerAlias configured, and is configured to listen on port 80.

SITUATION
I have a Rewrite rule issuing a 301 redirect which uses flags [NC,R=301,L] -  which redirects to the correct hostname, but using http as the protocol.

I have a mod_headers rule to try to deal with this:   Header always edit Location ^http://(.*) https://$1
This rule is getting completely ignored.


If I add a wholly new Header like:    Header always add SillyHeader SillyHeaderValue
the header DOES get added.


Does anyone know why the   "Header always edit"   rule is getting ignored?

Thank you,

--mjk



--
Daniel Ferradal
IT Specialist

email         dferradal at gmail.com