httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sarris Overbosch" <soverbo...@lycos.nl>
Subject Re: RE: RE: [users@httpd] ReverseProxy and SSL
Date Thu, 10 Mar 2005 09:31:49 GMT
> > Hey Owen,
> > 
> > I will try to make a drawing...
> 
> The drawing is perfect - worth a thousand words...
> 
Thanks...did my best on it ;)
> 
> So it has to be a proxy solution. The "enclosed website" is served by the tomcat server,
right?
True....

> A *request* to a webserver returns a *response* which contains data (HTML, PNG etc.)
How do you get an URL in the response? What is the HTTP response status code? Is it a 301
or 302 redirect to this funny URL? If so, I'm assuming the scenario is:
> 
> - request :apache-site/servlet  -> returns page containing form
> - request :apache-site/servlet?query-string  -> returns redirect to "funny" URL
> 
> > it looks like this:
> >  
> > https://www.apache.site.nl,%20www.test.site.nlnl/...
> > 
> It looks like there is a misconfiguration on the Tomcat server. It seems the presence
of submitted data (query-string, POST method) in the servlet request is triggering a redirect
to a malformed URL. If this were an apache server, I'd look for a faulty RewriteRule, but
I don't know enough about Tomcat to say where this would be.

I also think it is something on the Tomcat server what goes wrong, but I want to proof it!
When I use a browser and connect directly to the tomcat server everything just works fine.
> 
> In any case, do you have access to the Tomcat config?
No I don't have access to it :(
> 
 
> I don't mean to be picky, but if you do a request, you get a *response* back. The response
may contain a redirect message which causes your browser to issue another *request*. It is
important to be precise to avoid ambiguity...

:P you are so right.... Wouldn't apache put it in the log when the Tomcat server sends a redirect
message in its response?

> 
> I guess you mean that the Tomcat server is listening on port 80 (plain HTTP) but redirects
you to port 443 (HTTPS). This is a typical setup for a server which wants to be available
on HTTP but to serve content via HTTPS.

The tomcat server is only listening on port 443, would be nice to have it also listeing on
port 80 to test the connection without ssl....maybe it will work then

> I think the servlet (or rather, the server config in front of it) is *certainly* redirecting.
You need to get a client talking directly to Tomcat to prove this, then you need to fix Tomcat.

I did and it just works fine :S

> 
> On a general point, is there any reason why you need HTTPS between apache and tomcat?
If you then pass the data over plain HTTP to the client (which is what a proxy does) then
it is unecrypted on the apache-client hop. This would only make sense if Tomcat was out on
the internet, apache was in your DMZ and all the clients were internal (like in a corporate
LAN). Is this the setup?

Yes, our broadvision is in our EZ and the apache server is in our DMZ.

Br,

Sarris
> 
> Rgds,
> Owen Boyle
> Disclaimer: Any disclaimer attached to this message may be ignored.  
> > 
> > Does this clarify my question?
> > 
> > Br,
> > 
> > Sarris
> > 
> > 	
> > 
> > 
> > > Van: "Boyle Owen" <owen.boyle@swx.com>
> > > Aan: users@httpd.apache.org
> > > Onderwerp: RE: [users@httpd] ReverseProxy and SSL
> > > BCC: Wed, 9 Mar 2005 17:16:32 +0100
> > 
> > > <pre>Plain text please...
> > > 
> > > 
> > > You've got two webservers, a java servlet engine, a mixture 
> > of HTTP and
> > > HTTPS and you're doing reverse proxying. And you describe 
> > it all in two
> > > sentences?
> > > 
> > > I would need at least a circuit diagram before I could 
> > begin to guess
> > > what's wrong...
> > > 
> > > Rgds,
> > > Owen Boyle
> > > Disclaimer: Any disclaimer attached to this message may be ignored. 
> > >  
> > > -----Original Message-----
> > > From: Sarris Overbosch [mailto:soverbosch@lycos.nl]
> > > Sent: Mittwoch, 9. März 2005 17:09
> > > To: apachelist 
> > > Subject: [users@httpd] ReverseProxy and SSL
> > > 
> > > 
> > > Hi,
> > > 
> > > I've configured apache to act as an reverse proxy to an https site
> > > (https://www.test.site.nl) I connect to the apache using the url
> > > <a  target="_blank" 
> > href=<a href=http://www.apache.site.nl.>http://www.apache.site.nl.</a>>http://www.apache.site.nl.>http://www.apache.site.nl.</a></a>>
 When I do a request to a simple jsp page it
> > > will work fine, on this jsp page is a form, when I submit 
> > this form I
> > > get a real strange url back, it looks like this:
> > > 
> > > https://www.apache.site.nl,%20www.test.site.nlnl/...
> > > 
> > > As you notice I do a http request and get an https request 
> > back, i'm not
> > > sure why this is happening. The action which is connected 
> > to the form is
> > > a servlet which may (or may not) do I redirect which causes this
> > > problem. Has anyone out there had this problem and if yes 
> > how did you
> > > solve that?
> > > 
> > > Br,
> > > 
> > > Sarris
> > > 
> > > 
> > > Printer kiezen? Overtuig uzelf! Wij zijn zo overtuigd over 
> > de kwaliteit
> > > van onze Canon printers dat wij u de mogelijkheid bieden 
> > deze GRATIS te
> > > proberen.
> > > 
> > > This message is for the named person's use only. It may contain
> > > confidential, proprietary or legally privileged information. No
> > > confidentiality or privilege is waived or lost by any 
> > mistransmission.
> > > If you receive this message in error, please notify the 
> > sender urgently
> > > and then immediately delete the message and any copies of 
> > it from your
> > > system. Please also immediately destroy any hardcopies of 
> > the message.
> > > You must not, directly or indirectly, use, disclose, 
> > distribute, print,
> > > or copy any part of this message if you are not the 
> > intended recipient.
> > > The sender's company reserves the right to monitor all e-mail
> > > communications through their networks. Any views expressed in this
> > > message are those of the individual sender, except where the message
> > > states otherwise and the sender is authorised to state them 
> > to be the
> > > views of the sender's company. 
> > > 
> > > 
> > > 
> > > 
> > ---------------------------------------------------------------------
> > > The official User-To-User support forum of the Apache HTTP 
> > Server Project.
> > > See <url:<a 
> > href=<a href=http://httpd.apache.org/user>http://httpd.apache.org/user>http://httpd.apache.org/user>http://httpd.apache.org/user</a>>
</a>rslist.html> for more info.
> > > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> > >    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> > > For additional commands, e-mail: users-help@httpd.apache.org
> > > 
> > > 
> > > </pre>
> > 
> > Printer kiezen? Overtuig uzelf! Wij zijn zo overtuigd over de 
> > kwaliteit van onze Canon printers dat wij u de mogelijkheid 
> > bieden deze GRATIS te proberen. - 
> > <a href=http://www.yourprint.canon-europe.com>http://www.yourprint.canon-europe.com</a>>

> > 
> Diese E-mail ist eine private und persönliche Kommunikation. Sie hat keinen Bezug zur
Börsen- bzw. Geschäftstätigkeit der SWX Gruppe. This e-mail is of a private and personal
nature. It is not related to the exchange or business activities of the SWX Group. Le présent
e-mail est un message privé et personnel, sans rapport avec l'activité boursière du Groupe
SWX.
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <url:<a href=http://httpd.apache.org/user>http://httpd.apache.org/user</a>rslist.html>
for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 
> 
> </pre>

Download nu Lycos Inside! Bekijk al je berichten in Outlook en zet je documenten online! 
Ga snel naar mail.lycos.nl



Mime
View raw message