httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Boyle Owen" <Owen.Bo...@swx.com>
Subject RE: [users@httpd] ReverseProxy and SSL
Date Thu, 10 Mar 2005 10:51:38 GMT
> -----Original Message-----
> From: Sarris Overbosch [mailto:soverbosch@lycos.nl]
> Sent: Donnerstag, 10. März 2005 10:32
> To: apachelist 
> Subject: Re: RE: RE: [users@httpd] ReverseProxy and SSL
> > 
> > - request :apache-site/servlet  -> returns page containing form
> > - request :apache-site/servlet?query-string  -> returns 
> redirect to "funny" URL
> > 
> > > it looks like this:
> > >  
> > > https://www.apache.site.nl,%20www.test.site.nlnl/...
> > > 

I think we need to see how you configure the apache proxy. Do you have something like:

ProxyPass / https://tomcat-server/

or do you use mod_rewrite in proxy mode, eg:

RewriteRule (.*) https://tomcat-server/$1 [P]

Which?


>  When I use a browser and 
> connect directly to the tomcat server everything just works fine.

Even when you submit data in the form? (We know a request for an empty form works OK).

>  Wouldn't apache put it in the log 
> when the Tomcat server sends a redirect message in its response?

Actually, now that I think about it, apache should resolve the redirect before replying to
the client. Apache only logs what it sends to the client, not anything about its communications
with proxies, eg:

- client requests apache
- apache proxies request to tomcat
- tomcat responds with redirect to apache
- apache requests new URL to tomcat
- tomcat serves response to apache
- apache serves response to client and logs it.

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored. 
> 
> > 
> > I guess you mean that the Tomcat server is listening on 
> port 80 (plain HTTP) but redirects you to port 443 (HTTPS). 
> This is a typical setup for a server which wants to be 
> available on HTTP but to serve content via HTTPS.
> 
> The tomcat server is only listening on port 443, would be 
> nice to have it also listeing on port 80 to test the 
> connection without ssl....maybe it will work then
> 
> > I think the servlet (or rather, the server config in front 
> of it) is *certainly* redirecting. You need to get a client 
> talking directly to Tomcat to prove this, then you need to fix Tomcat.
> 
> I did and it just works fine :S
> 
> > 
> > On a general point, is there any reason why you need HTTPS 
> between apache and tomcat? If you then pass the data over 
> plain HTTP to the client (which is what a proxy does) then it 
> is unecrypted on the apache-client hop. This would only make 
> sense if Tomcat was out on the internet, apache was in your 
> DMZ and all the clients were internal (like in a corporate 
> LAN). Is this the setup?
> 
> Yes, our broadvision is in our EZ and the apache server is in our DMZ.
> 
> Br,
> 
> Sarris
> > 
> > Rgds,
> > Owen Boyle
> > Disclaimer: Any disclaimer attached to this message may be 
> ignored.  
> > > 
> > > Does this clarify my question?
> > > 
> > > Br,
> > > 
> > > Sarris
> > > 
> > > 	
> > > 
> > > 
> > > > Van: "Boyle Owen" <owen.boyle@swx.com>
> > > > Aan: users@httpd.apache.org
> > > > Onderwerp: RE: [users@httpd] ReverseProxy and SSL
> > > > BCC: Wed, 9 Mar 2005 17:16:32 +0100
> > > 
> > > > <pre>Plain text please...
> > > > 
> > > > 
> > > > You've got two webservers, a java servlet engine, a mixture 
> > > of HTTP and
> > > > HTTPS and you're doing reverse proxying. And you describe 
> > > it all in two
> > > > sentences?
> > > > 
> > > > I would need at least a circuit diagram before I could 
> > > begin to guess
> > > > what's wrong...
> > > > 
> > > > Rgds,
> > > > Owen Boyle
> > > > Disclaimer: Any disclaimer attached to this message may 
> be ignored. 
> > > >  
> > > > -----Original Message-----
> > > > From: Sarris Overbosch [mailto:soverbosch@lycos.nl]
> > > > Sent: Mittwoch, 9. März 2005 17:09
> > > > To: apachelist 
> > > > Subject: [users@httpd] ReverseProxy and SSL
> > > > 
> > > > 
> > > > Hi,
> > > > 
> > > > I've configured apache to act as an reverse proxy to an 
> https site
> > > > (https://www.test.site.nl) I connect to the apache using the url
> > > > <a  target="_blank" 
> > > href=<a 
> href=http://www.apache.site.nl.>http://www.apache.site.nl.</a>
> >http://www.apache.site.nl.>http://www.apache.site.nl.</a></a>
> >  When I do a request to a simple jsp page it
> > > > will work fine, on this jsp page is a form, when I submit 
> > > this form I
> > > > get a real strange url back, it looks like this:
> > > > 
> > > > https://www.apache.site.nl,%20www.test.site.nlnl/...
> > > > 
> > > > As you notice I do a http request and get an https request 
> > > back, i'm not
> > > > sure why this is happening. The action which is connected 
> > > to the form is
> > > > a servlet which may (or may not) do I redirect which causes this
> > > > problem. Has anyone out there had this problem and if yes 
> > > how did you
> > > > solve that?
> > > > 
> > > > Br,
> > > > 
> > > > Sarris
> > > > 
> > > > 
> > > > Printer kiezen? Overtuig uzelf! Wij zijn zo overtuigd over 
> > > de kwaliteit
> > > > van onze Canon printers dat wij u de mogelijkheid bieden 
> > > deze GRATIS te
> > > > proberen.
> > > > 
> > > > This message is for the named person's use only. It may contain
> > > > confidential, proprietary or legally privileged information. No
> > > > confidentiality or privilege is waived or lost by any 
> > > mistransmission.
> > > > If you receive this message in error, please notify the 
> > > sender urgently
> > > > and then immediately delete the message and any copies of 
> > > it from your
> > > > system. Please also immediately destroy any hardcopies of 
> > > the message.
> > > > You must not, directly or indirectly, use, disclose, 
> > > distribute, print,
> > > > or copy any part of this message if you are not the 
> > > intended recipient.
> > > > The sender's company reserves the right to monitor all e-mail
> > > > communications through their networks. Any views 
> expressed in this
> > > > message are those of the individual sender, except 
> where the message
> > > > states otherwise and the sender is authorised to state them 
> > > to be the
> > > > views of the sender's company. 
> > > > 
> > > > 
> > > > 
> > > > 
> > > 
> ---------------------------------------------------------------------
> > > > The official User-To-User support forum of the Apache HTTP 
> > > Server Project.
> > > > See <url:<a 
> > > href=<a 
> href=http://httpd.apache.org/user>http://httpd.apache.org/user
>http://httpd.apache.org/user>http://httpd.apache.org/user</a>> </a>rslist.html>
for more info.
> > > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> > >    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> > > For additional commands, e-mail: users-help@httpd.apache.org
> > > 
> > > 
> > > </pre>
> > 
> > Printer kiezen? Overtuig uzelf! Wij zijn zo overtuigd over de 
> > kwaliteit van onze Canon printers dat wij u de mogelijkheid 
> > bieden deze GRATIS te proberen. - 
> > <a href=http://www.yourprint.canon-europe.com>http://www.yourprint.canon-europe.com</a>>

> > 
> Diese E-mail ist eine private und persönliche Kommunikation. Sie hat keinen Bezug zur
Börsen- bzw. Geschäftstätigkeit der SWX Gruppe. This e-mail is of a private and personal
nature. It is not related to the exchange or business activities of the SWX Group. Le présent
e-mail est un message privé et personnel, sans rapport avec l'activité boursière du Groupe
SWX.
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <url:<a href=http://httpd.apache.org/user>http://httpd.apache.org/user</a>rslist.html>
for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 
> 
> </pre>

Download nu Lycos Inside! Bekijk al je berichten in Outlook en zet je documenten online! 
Ga snel naar mail.lycos.nl



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message