httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Matt Bullock" <mbull...@root9.com>
Subject RE: [users@httpd] Redirect to HTTPS using Load Balancer/SSL Offload
Date Sat, 24 Nov 2007 06:06:25 GMT
I was hoping there would be a way to let apache know the url being
requested was "https://...".  Here is a log when I  navigate to a https
page:

75.83.2.48 - - [23/Nov/2007:21:47:51 --0800]
[www.domain.com/sid#5555557f2f90][rid#555555a1c188/initial] (2)
explicitly forcing redirect with
https://www.domain.com/scripts/vendor/membership_renew.php
75.83.2.48 - - [23/Nov/2007:21:47:51 --0800]
[www.domain.com/sid#5555557f2f90][rid#555555a1c188/initial] (1) escaping
https://www.domain.com/scripts/vendor/membership_renew.php for redirect
75.83.2.48 - - [23/Nov/2007:21:47:51 --0800]
[www.domain.com/sid#5555557f2f90][rid#555555a1c188/initial] (1) redirect
to https://www.feedisclosure.com/scripts/vendor/membership_renew.php
[REDIRECT/301]
75.83.2.48 - - [23/Nov/2007:21:47:51 --0800]
[www.domain.com/sid#5555557f2f90][rid#555555a1e198/initial] (2) init
rewrite engine with requested uri /scripts/vendor/membership_renew.php
75.83.2.48 - - [23/Nov/2007:21:47:51 --0800]
[www.domain.com/sid#5555557f2f90][rid#555555a1e198/initial] (2) rewrite
'/scripts/vendor/membership_renew.php' ->
'https://www.domain.com/scripts/vendor/membership_renew.php'


The logs show the correct url, so all I need is to somehow let apache
know not to rewrite if this is the case -

RewriteCond !=https://www???
RewriteCond %{REQUEST_URI} ^/scripts/vendor/new_fmpackage\.php$
RewriteRule ^.*$ https://www.domain.com%{REQUEST_URI} [R=301,L]

I don't know how to create a rule that checks if it has already been
rewritten.

Matt

-----Original Message-----
From: Brian A. Seklecki [mailto:lavalamp@spiritual-machines.org] 
Sent: Friday, November 23, 2007 6:16 PM
To: users@httpd.apache.org
Subject: RE: [users@httpd] Redirect to HTTPS using Load Balancer/SSL
Offload



You could use a wildcard SSL cert and redirect to 
https://secure.*.tld:/patcha/patchb/file then make your determination 
based on the hostname.

The extra $100 cert is a lot less expensive than Radware AppXcel for
sure.


On Fri, 23 Nov 2007, Matt Bullock wrote:

> Date: Fri, 23 Nov 2007 18:06:12 -0800
> From: Matt Bullock <mbullock@root9.com>
> Reply-To: users@httpd.apache.org
> To: users@httpd.apache.org
> Subject: RE: [users@httpd] Redirect to HTTPS using Load Balancer/SSL
Offload
> 
> Eric,
>
> That definitely seems like the reason the redirect keeps looping.
Every
> example I have seen has involved {SERVER_PORT} (is or isn't) 443 as a
> RewriteCond, but I haven't found a way to let apache know if the
current
> session between the client and the load balancer is being encrypted or
> not.
>
> Brian,
>
> I am using a Barracuda, which is far cheaper, and has far less
features
> than some of the other vendors like Radware, F5 and Cisco
LocalDirector.
> I will find out if it there is a way for the barracuda to let apache
> know its current offload status so it can differentiate between each
> request.
>
> Matt
>
>
> -----Original Message-----
> From: Brian A. Seklecki [mailto:lavalamp@spiritual-machines.org]
> Sent: Friday, November 23, 2007 5:36 PM
> To: Eric Covener
> Cc: users@httpd.apache.org
> Subject: Re: [users@httpd] Redirect to HTTPS using Load Balancer/SSL
> Offload
>
>
> Radware has some nice header rewriting features in its SSL accelerator
> package.
>
> ~BAS
>
> On Fri, 23 Nov 2007, Eric Covener wrote:
>
>> Date: Fri, 23 Nov 2007 20:25:30 -0500
>> From: Eric Covener <covener@gmail.com>
>> Reply-To: users@httpd.apache.org
>> To: users@httpd.apache.org
>> Subject: Re: [users@httpd] Redirect to HTTPS using Load Balancer/SSL
> Offload
>>
>> On Nov 23, 2007 7:59 PM, Matt Bullock <mbullock@root9.com> wrote:
>>> Thanks for the reply.  The redirect loops the requested page never
> comes
>>> up.  The log prints the same thing over and over.
>>
>> You said the LB does SSL offload. You haven't given apache any way to
>> distinguish when someone hits the LB via http or https, so it
>> redirects in both cases.    Maybe your LB sets some additional header
>> in the case it handled SSL?
>>
>>
>> --
>> Eric Covener
>> covener@gmail.com
>>
>> ---------------------------------------------------------------------
>> The official User-To-User support forum of the Apache HTTP Server
> Project.
>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>>
>>
>>
>>
>>
>>
>>
>>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server
> Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server
Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
>
>
>
>
>
>

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server
Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message