httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Boyle Owen" <Owen.Bo...@swx.com>
Subject RE: RE: [users@httpd] ReverseProxy and SSL
Date Thu, 10 Mar 2005 09:13:03 GMT
> -----Original Message-----
> From: Sarris Overbosch [mailto:soverbosch@lycos.nl]
> Sent: Donnerstag, 10. März 2005 09:43
> To: apachelist 
> Subject: Re: RE: [users@httpd] ReverseProxy and SSL
> 
> 
> Hey Owen,
> 
> I will try to make a drawing...

The drawing is perfect - worth a thousand words...

> a bit difficult but i will 
> try. The main goal of this project is to enclose a website 
> which is hosted by another company without the user noticing 
> this. 

So it has to be a proxy solution. The "enclosed website" is served by the tomcat server, right?

> I've configured apache to act as an reverse proxy to an https site
> (https://www.test.site.nl) I connect to the apache using the url
> <a 
> href=http://www.apache.site.nl.>http://www.apache.site.nl.</a>
>  When I do a request to a simple jsp page it
> will work fine, on this jsp page is a form, when I submit this form I
> get a real strange url back,

[I assume you mean all this happens in the browser (ie, before the apache proxy)]

What do you mean "...I get a real strange url back..."? 

A *request* to a webserver returns a *response* which contains data (HTML, PNG etc.) How do
you get an URL in the response? What is the HTTP response status code? Is it a 301 or 302
redirect to this funny URL? If so, I'm assuming the scenario is:

- request :apache-site/servlet  -> returns page containing form
- request :apache-site/servlet?query-string  -> returns redirect to "funny" URL

> it looks like this:
>  
> https://www.apache.site.nl,%20www.test.site.nlnl/...
> 
> BTW: when I add ProxyPreserveHost On in the configuration the 
> url will look a bit different,
>    https://www.apache.site.nl,%20www.apache.site.nlnl/.....


It looks like there is a misconfiguration on the Tomcat server. It seems the presence of submitted
data (query-string, POST method) in the servlet request is triggering a redirect to a malformed
URL. If this were an apache server, I'd look for a faulty RewriteRule, but I don't know enough
about Tomcat to say where this would be.

In any case, do you have access to the Tomcat config?

To test, can you submit the form from the apache server (you don't need a browser: from the
command line or use curl or wget or something)?

> As you notice I do a http request and get an https request 
> back, 

I don't mean to be picky, but if you do a request, you get a *response* back. The response
may contain a redirect message which causes your browser to issue another *request*. It is
important to be precise to avoid ambiguity...

I guess you mean that the Tomcat server is listening on port 80 (plain HTTP) but redirects
you to port 443 (HTTPS). This is a typical setup for a server which wants to be available
on HTTP but to serve content via HTTPS.

> i'm not
> sure why this is happening. The action which is connected to 
> the form is
> a servlet which may (or may not) do I redirect which causes this
> problem.

I think the servlet (or rather, the server config in front of it) is *certainly* redirecting.
You need to get a client talking directly to Tomcat to prove this, then you need to fix Tomcat.

On a general point, is there any reason why you need HTTPS between apache and tomcat? If you
then pass the data over plain HTTP to the client (which is what a proxy does) then it is unecrypted
on the apache-client hop. This would only make sense if Tomcat was out on the internet, apache
was in your DMZ and all the clients were internal (like in a corporate LAN). Is this the setup?

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored.  
> 
> Does this clarify my question?
> 
> Br,
> 
> Sarris
> 
> 	
> 
> 
> > Van: "Boyle Owen" <Owen.Boyle@swx.com>
> > Aan: users@httpd.apache.org
> > Onderwerp: RE: [users@httpd] ReverseProxy and SSL
> > BCC: Wed, 9 Mar 2005 17:16:32 +0100
> 
> > <pre>Plain text please...
> > 
> > 
> > You've got two webservers, a java servlet engine, a mixture 
> of HTTP and
> > HTTPS and you're doing reverse proxying. And you describe 
> it all in two
> > sentences?
> > 
> > I would need at least a circuit diagram before I could 
> begin to guess
> > what's wrong...
> > 
> > Rgds,
> > Owen Boyle
> > Disclaimer: Any disclaimer attached to this message may be ignored. 
> >  
> > -----Original Message-----
> > From: Sarris Overbosch [mailto:soverbosch@lycos.nl]
> > Sent: Mittwoch, 9. März 2005 17:09
> > To: apachelist 
> > Subject: [users@httpd] ReverseProxy and SSL
> > 
> > 
> > Hi,
> > 
> > I've configured apache to act as an reverse proxy to an https site
> > (https://www.test.site.nl) I connect to the apache using the url
> > <a 
> href=http://www.apache.site.nl.>http://www.apache.site.nl.</a>
>  When I do a request to a simple jsp page it
> > will work fine, on this jsp page is a form, when I submit 
> this form I
> > get a real strange url back, it looks like this:
> > 
> > https://www.apache.site.nl,%20www.test.site.nlnl/...
> > 
> > As you notice I do a http request and get an https request 
> back, i'm not
> > sure why this is happening. The action which is connected 
> to the form is
> > a servlet which may (or may not) do I redirect which causes this
> > problem. Has anyone out there had this problem and if yes 
> how did you
> > solve that?
> > 
> > Br,
> > 
> > Sarris
> > 
> > 
> > Printer kiezen? Overtuig uzelf! Wij zijn zo overtuigd over 
> de kwaliteit
> > van onze Canon printers dat wij u de mogelijkheid bieden 
> deze GRATIS te
> > proberen.
> > 
> > This message is for the named person's use only. It may contain
> > confidential, proprietary or legally privileged information. No
> > confidentiality or privilege is waived or lost by any 
> mistransmission.
> > If you receive this message in error, please notify the 
> sender urgently
> > and then immediately delete the message and any copies of 
> it from your
> > system. Please also immediately destroy any hardcopies of 
> the message.
> > You must not, directly or indirectly, use, disclose, 
> distribute, print,
> > or copy any part of this message if you are not the 
> intended recipient.
> > The sender's company reserves the right to monitor all e-mail
> > communications through their networks. Any views expressed in this
> > message are those of the individual sender, except where the message
> > states otherwise and the sender is authorised to state them 
> to be the
> > views of the sender's company. 
> > 
> > 
> > 
> > 
> ---------------------------------------------------------------------
> > The official User-To-User support forum of the Apache HTTP 
> Server Project.
> > See <url:<a 
> href=http://httpd.apache.org/user>http://httpd.apache.org/user
> </a>rslist.html> for more info.
> > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> >    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> > For additional commands, e-mail: users-help@httpd.apache.org
> > 
> > 
> > </pre>
> 
> Printer kiezen? Overtuig uzelf! Wij zijn zo overtuigd over de 
> kwaliteit van onze Canon printers dat wij u de mogelijkheid 
> bieden deze GRATIS te proberen. - 
> http://www.yourprint.canon-europe.com
> 
> 
Diese E-mail ist eine private und persönliche Kommunikation. Sie hat keinen Bezug zur Börsen-
bzw. Geschäftstätigkeit der SWX Gruppe. This e-mail is of a private and personal nature.
It is not related to the exchange or business activities of the SWX Group. Le présent e-mail
est un message privé et personnel, sans rapport avec l'activité boursière du Groupe SWX.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message