Return-Path: Delivered-To: apmail-httpd-users-archive@www.apache.org Received: (qmail 30059 invoked from network); 17 Jun 2006 17:17:45 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur.apache.org with SMTP; 17 Jun 2006 17:17:45 -0000 Received: (qmail 84614 invoked by uid 500); 17 Jun 2006 17:17:36 -0000 Delivered-To: apmail-httpd-users-archive@httpd.apache.org Received: (qmail 84598 invoked by uid 500); 17 Jun 2006 17:17:36 -0000 Mailing-List: contact users-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: users@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list users@httpd.apache.org Received: (qmail 84587 invoked by uid 99); 17 Jun 2006 17:17:36 -0000 Received: from asf.osuosl.org (HELO asf.osuosl.org) (140.211.166.49) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 17 Jun 2006 10:17:36 -0700 X-ASF-Spam-Status: No, hits=-0.0 required=10.0 tests=SPF_HELO_PASS X-Spam-Check-By: apache.org Received-SPF: neutral (asf.osuosl.org: local policy) Received: from [207.106.84.159] (HELO atlas.jtan.com) (207.106.84.159) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 17 Jun 2006 10:17:35 -0700 X-JTAN-Envelope-From: sctemme@apache.org X-JTAN-Envelope-To: Received: from [10.11.0.103] (c-24-5-108-151.hsd1.ca.comcast.net [24.5.108.151]) (authenticated bits=0) by atlas.jtan.com (8.12.8p1/8.12.8) with ESMTP id k5HHHCQ2020895 (version=TLSv1/SSLv3 cipher=RC4-SHA bits=128 verify=NOT) for ; Sat, 17 Jun 2006 13:17:14 -0400 (EDT) Mime-Version: 1.0 (Apple Message framework v750) In-Reply-To: References: Content-Type: multipart/signed; micalg=sha1; boundary=Apple-Mail-5-458739665; protocol="application/pkcs7-signature" Message-Id: <7A0FDD4E-27FC-4466-86CF-24BF7768C55B@apache.org> From: Sander Temme Date: Sat, 17 Jun 2006 10:17:11 -0700 To: users@httpd.apache.org X-Mailer: Apple Mail (2.750) X-Virus-Checked: Checked by ClamAV on apache.org Subject: Re: [users@httpd] self-referential URL's and load balancer X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N --Apple-Mail-5-458739665 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed Hi enigma, On Jun 12, 2006, at 1:53 PM, enigma wrote: > > I have a problem with the self-referential URL's being generated by > Apache > when a hardware load balancer is front ending it. This is a well-known problem with load balancing and SSL offload in front of any web server. The httpd simply doesn't know that HTTPS exists in front of it, and can not generate the correct Location: headers for Redirect responses. Some load balancers have built-in fixups for outgoing response headers. You can use those to repair the Location: headers as they are sent to the browser. See your load balancer documentation, support community or your favorite SE to set this up. Which version of Apache are you using on which platform? The trunk of Apache now has support for setting the scheme in the ServerName directive, so you can go ServerName https://myserver.foo.com with optional port. You can see the code at: http://svn.apache.org/viewvc?view=rev&revision=399947 That should go a long way towards fixing your issue, especially if everything you do happens inside the web server. And, any module that plays nice and calls the http_scheme hook should get the correct information. I have proposed to backport this to Apache 2.2, and a version of the patch that applies to the 2.2.x branch is at: http://people.apache.org/~sctemme/servername_22x.patch Unfortunately, httpd 1.3 hardcodes this scheme information so this approach will not work. the EAPI patch at least makes it settable, but you only have that if you have mod_ssl. > https://www.example.com/test/ > > I have tried setting UseCanonicalName Off without success. I can > remap the > port with the port directive, but it still changes the https to http. UseCanonicalName Off should help with the port value, but not the scheme. You mention the Port directive, which disappeared in httpd 2.0 so that means you're using 1.3. As I said, the ServerName [scheme://] hostname[:port] code does not work with that version, so unless you can upgrade you'll have to fix this on the Load Balancer. S. -- sander@temme.net http://www.temme.net/sander/ PGP FP: 51B4 8727 466A 0BC3 69F4 B7B8 B2BE BC40 1529 24AF -- sctemme@apache.org http://www.temme.net/sander/ PGP FP: 51B4 8727 466A 0BC3 69F4 B7B8 B2BE BC40 1529 24AF --Apple-Mail-5-458739665 Content-Transfer-Encoding: base64 Content-Type: application/pkcs7-signature; name=smime.p7s Content-Disposition: attachment; filename=smime.p7s MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIGLzCCAugw ggJRoAMCAQICAw7yjDANBgkqhkiG9w0BAQQFADBiMQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhh d3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhhd3RlIFBlcnNvbmFsIEZyZWVt YWlsIElzc3VpbmcgQ0EwHhcNMDUwNjE4MTQzNDE1WhcNMDYwNjE4MTQzNDE1WjBbMQ4wDAYDVQQE EwVUZW1tZTEPMA0GA1UEKhMGU2FuZGVyMRUwEwYDVQQDEwxTYW5kZXIgVGVtbWUxITAfBgkqhkiG 9w0BCQEWEnNjdGVtbWVAYXBhY2hlLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB AMhBYkCmde6IJv6l5AwkxghTXwTEEd2u35Nn20vz0gufy00f3Wp0ixJgWiJ5nBalh5byGyAaSNk3 aMWbchqyXLZkV9i3GoFMv3Q5+5juN+YRd3LJoo0WfrUvSCA0YJGfRllY9jG7sCu7cXyk0Hu6qinu Cev2tq5ypaVSpQ6KZ8/HT3W/QIgaqBpD0qNK6kdefoPNTLHeBTbXyBS4YBLJ/WoTn4CHGcQI5dIp pn9BBbxKykpkqAKzFyPbTtFlp8gfCE0lo/fO0j12PnflX8Ea8NX4PKU2Kir3viF/3vqtP6+qRfee MUq0Ju/8r0iY5Lq2/3/EW10D+pxOj/71Q89F0z8CAwEAAaMvMC0wHQYDVR0RBBYwFIESc2N0ZW1t ZUBhcGFjaGUub3JnMAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQEEBQADgYEAssnMAnYzYGcN/KXf KkrtUB0MsBJnqRwWgYj8XY5JpDqxbhChcoud9CQG6OQNV3klSzAaVCm07+/qWcgMsDN576NyotJc EsNo57BkwV6GYLptyNyDAxeNXK4tMNiwTQOEy75HAlEzHOc0r66engFxJpcFU2Oe8HH3pnFMQQmC is0wggM/MIICqKADAgECAgENMA0GCSqGSIb3DQEBBQUAMIHRMQswCQYDVQQGEwJaQTEVMBMGA1UE CBMMV2VzdGVybiBDYXBlMRIwEAYDVQQHEwlDYXBlIFRvd24xGjAYBgNVBAoTEVRoYXd0ZSBDb25z dWx0aW5nMSgwJgYDVQQLEx9DZXJ0aWZpY2F0aW9uIFNlcnZpY2VzIERpdmlzaW9uMSQwIgYDVQQD ExtUaGF3dGUgUGVyc29uYWwgRnJlZW1haWwgQ0ExKzApBgkqhkiG9w0BCQEWHHBlcnNvbmFsLWZy ZWVtYWlsQHRoYXd0ZS5jb20wHhcNMDMwNzE3MDAwMDAwWhcNMTMwNzE2MjM1OTU5WjBiMQswCQYD VQQGEwJaQTElMCMGA1UEChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMj VGhhd3RlIFBlcnNvbmFsIEZyZWVtYWlsIElzc3VpbmcgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0A MIGJAoGBAMSmPFVzVftOucqZWh5owHUEcJ3f6f+jHuy9zfVb8hp2vX8MOmHyv1HOAdTlUAow1wJj WiyJFXCO3cnwK4Vaqj9xVsuvPAsH5/EfkTYkKhPPK9Xzgnc9A74r/rsYPge/QIACZNenprufZdHF KlSFD0gEf6e20TxhBEAeZBlyYLf7AgMBAAGjgZQwgZEwEgYDVR0TAQH/BAgwBgEB/wIBADBDBgNV HR8EPDA6MDigNqA0hjJodHRwOi8vY3JsLnRoYXd0ZS5jb20vVGhhd3RlUGVyc29uYWxGcmVlbWFp bENBLmNybDALBgNVHQ8EBAMCAQYwKQYDVR0RBCIwIKQeMBwxGjAYBgNVBAMTEVByaXZhdGVMYWJl bDItMTM4MA0GCSqGSIb3DQEBBQUAA4GBAEiM0VCD6gsuzA2jZqxnD3+vrL7CF6FDlpSdf0whuPg2 H6otnzYvwPQcUCCTcDz9reFhYsPZOhl+hLGZGwDFGguCdJ4lUJRix9sncVcljd2pnDmOjCBPZV+V 2vf3h9bGCE6u9uo05RAaWzVNd+NWIXiC3CEZNd4ksdMdRv9dX2VPMYIC5zCCAuMCAQEwaTBiMQsw CQYDVQQGEwJaQTElMCMGA1UEChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UE AxMjVGhhd3RlIFBlcnNvbmFsIEZyZWVtYWlsIElzc3VpbmcgQ0ECAw7yjDAJBgUrDgMCGgUAoIIB UzAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0wNjA2MTcxNzE3MTFa MCMGCSqGSIb3DQEJBDEWBBQIaswiw+wqT3xCyOkK7yATG3QhozB4BgkrBgEEAYI3EAQxazBpMGIx CzAJBgNVBAYTAlpBMSUwIwYDVQQKExxUaGF3dGUgQ29uc3VsdGluZyAoUHR5KSBMdGQuMSwwKgYD VQQDEyNUaGF3dGUgUGVyc29uYWwgRnJlZW1haWwgSXNzdWluZyBDQQIDDvKMMHoGCyqGSIb3DQEJ EAILMWugaTBiMQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkg THRkLjEsMCoGA1UEAxMjVGhhd3RlIFBlcnNvbmFsIEZyZWVtYWlsIElzc3VpbmcgQ0ECAw7yjDAN BgkqhkiG9w0BAQEFAASCAQCT1qXEh5+bowvquY40juo+h1xPTeHQzJWNq/7x9NNfJ5va4c7I9fQA hZTHwJfBSbZfnoS5lCIbQLnomLgtkkDIursDBJyAg/ThAaDpbYdQpQyQrsksgyr+48ycX3jlakgV K5tD0ISs68X//s+3vP7a6QyRWu+3BAeVHOVmfJsxt+9Ws65XF8ZHXt6s0h+NH2rqvzM8nF9PePu7 qmi3Dt6jdVFZYVLmqvYMqSFx77AKA8LnOlZunfJDAjWutIIgqkLTTQ2HwMWWr06YM4OaxWDWd6HP FnkOhRdHWdBTDh5sI3VGttLSf9uNUWYqUBZ14Ib+e2+8dpxvAWQbDW+C5qMpAAAAAAAA --Apple-Mail-5-458739665--