trafficserver-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ethan Lai <yz...@yahoo.com>
Subject Re: SSL-termination redirect loop
Date Tue, 06 May 2014 15:59:04 GMT
Reindl,

You can set "CONFIG proxy.config.url_remap.pristine_host_hdr INT 1" to keep
request's Host header.

And, yes, I also think its a bug, lower precedence type, `redirect` here,
should not be matched again if higher precedence type, `map` here, were
matched.
I've provided a patch
here<https://issues.apache.org/jira/secure/attachment/12637293/no_redirect_after_map.patch>,
one patch of TS-2344 <https://issues.apache.org/jira/browse/TS-2344>.   You
can try it if building trafficserver yourself.

Thanks,
-Ethan


2014-05-06 19:31 GMT+08:00 Reindl Harald <h.reindl@thelounge.net>:

>
>
> Am 06.05.2014 13:06, schrieb Ethan Lai:
> > I'd suggest use different names
>
> that don't work because it would break the *automatic*
> configuration of ATS / dnsmasq based on webservices
> working with the real origin-configs
>
> as well it would break php applications seeing
> http://real-webspace.local/ as URL and so no longer
> correctly fix href="http://domain/folder/file.ext"
> to href="/folder/file.ext" by save content with
> WYSIWG editors
>
> the current solution works perfectly for some
> hundret domains without touch ATS manually
> and care about the origin, it only breaks
> if ATS is supposed to do SSL-offloading
> and force the client to https
>
> IMHO that is a bug - the redirect statement
> should not affect the right side of a map
> in reverse proxy mode
>
> > Add DNS: real-webspace.local   192.168.196.3
> >
> > redirect http://webspace.local https://webspace.local
> > map https://webspace.local http://real-webspace.local
> >
> > 2014-05-06 18:37 GMT+08:00 Reindl Harald:
> >
> >     Hi
> >
> >     the settings below (which only make no sense without
> >     the underlying DNS views) are resulting in a redirect
> >     loop  but why?
> >
> >     redirect http://webspace.local https://webspace.local
> >     map https://webspace.local http://webspace.local
> >
> >     * DNS-View external:    webspace.local -> 192.168.196.2
> (192.168.196.2 = ATS)
> >     * DNS-View ATS machine: webspace.local -> 192.168.196.3
> (192.168.196.3 = Origin)
> >
> >     the reason for that views is that this way automatic configuration of
> >     ATS and dnsmasq based on webservices can be done and the decision
> using
> >     the proxy or directly point to the origin is done with the public DNS
> >     _____________________________________________________
> >
> >     these two mappings are working fine with http and https
> >     so i assume the problem is that the non-http-origin URL
> >     triggers also teh redirect above
> >
> >     map http://webspace.local http://webspace.local
> >     map https://webspace.local http://webspace.local
> >     _____________________________________________________
> >
> >     these mappings also working because the origin itself
> >     is also accessed with https, but the idea of the config
> >     above is that ATS doing SSL termination, forcing the
> >     client to use https but the origin has no SSL
> >
> >     redirect http://webspace.local https://webspace.local
> >     map https://webspace.local https://webspace.local
>
>

Mime
View raw message