httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jerome GAUTHIER" <jgauth...@laposte.net>
Subject RE: [users@httpd] Apache proxy problem with https/http and 302 redirects
Date Thu, 12 Apr 2007 21:30:20 GMT
Hello, 

The problem come from your tomcat configuration

In your web.xml file add:
  <security-constraint>
     <web-resource-collection>
        <web-resource-name>Protected Context</web-resource-name>
          <url-pattern>/*</url-pattern>
      </web-resource-collection>
      <!-- auth-constraint goes here if you requre authentication -->
      <user-data-constraint>
         <transport-guarantee>CONFIDENTIAL</transport-guarantee>
      </user-data-constraint>
   </security-constraint>

/jerome

-----Message d'origine-----
De : Campbell, Scott [mailto:Scott_Campbell@WrightExpress.com] 
Envoyé : jeudi 12 avril 2007 22:29
À : users@httpd.apache.org
Objet : [users@httpd] Apache proxy problem with https/http and 302 redirects

Greetings.  I am having a problem with the Apache Proxy directives.

Here is my setup:

CLIENT <--> Apache SSL <--> http proxy to tomcat server

A client comes in with an https:// request.  Apache receives that
request and proxies the connection to our backend tomcat server via
http.  The tomcat server sends back data.  Apache then sends that tomcat
data back to the client over the SSL connection.  This part works
perfectly.

However, when the tomcat server sends a 302 redirect (we're using
j_security_check), Apache is sending that redirect back to the client as
HTTP and not HTTPS, therefore triggering the CLIENT IE6/7 browser to
popup "Warning, you are about to enter an unsecure site...".

Has anyone else experienced this, or have ideas why the HTTPS connection
is being broken?

*Another note, when I switch to using a JkMount with
worker/properties/ajp, and do not use ProxyPass/ProxyPassReverse/http,
there is no problem.

Here are our configs:

httpd-ssl.conf
--------------
<VirtualHost 172.27.16.116:443>
	DocumentRoot "/usr/local/apache2/htdocs/MYSITE"
	ServerName www.MYSITE.com:443

	...SSL STUFF...

	ProxyPreserveHost On

	ProxyPass /distrib/ http://172.27.162.132:8080/distrib/
	ProxyPassReverse /distrib/ http://172.27.162.132:8080/distrib/
	ProxyPass /content/ http://172.27.162.132:8080/content/
	ProxyPassReverse /content/ http://172.27.162.132:8080/content/

	#JkMount  /distrib/* worker1
	#JkMount  /content/* worker1
</VirtualHost>

Apache Version (64-bit)
-----------------------
Server version: Apache/2.2.4 (Unix)
Server built:   Feb 22 2007 11:00:07

Apache Build Configuration
--------------------------
--enable-modules=ssl rewrite proxy proxy-connect proxy-http
--with-mpm=worker

OS Information
--------------
Linux HOSTNAME.wrightexpress.com 2.6.9-42.ELsmp #1 SMP Wed Jul 12
23:32:02 EDT 2006 x86_64 x86_64 x86_64 GNU/Linux

Thanks for any help or ideas.

Scott Campbell
Web Systems Administrator
Wright Express
http://www.wrightexpress.com


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message