httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jorge Schrauwen <jorge.schrau...@gmail.com>
Subject Re: [users@httpd] Forcing URL Rewrite before Proxy pass
Date Sat, 01 Aug 2009 10:48:58 GMT
If you want to go SSL here is an easier way to check for SSL

RewriteEngine On
RewriteCond %{HTTPS} !=on [NC]
RewriteRule ^/secure(.*) https://%{SERVER_NAME}/secure$1 [R,L]

You way also want to look at the P flag to proxy the request.
http://httpd.apache.org/docs/2.2/mod/mod_rewrite.html#rewriteflags
'proxy|P' (force proxy) This flag forces the substitution part to be
internally sent as a proxy request and immediately (rewrite processing stops
here) put through the proxy
module<http://httpd.apache.org/docs/2.2/mod/mod_proxy.html>.
You must make sure that the substitution string is a valid URI (typically
starting with http://*hostname*) which can be handled by the Apache proxy
module. If not, you will get an error from the proxy module. Use this flag
to achieve a more powerful implementation of the
ProxyPass<http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxypass>directive,
to map remote content into the namespace of the local server.

Note: mod_proxy <http://httpd.apache.org/docs/2.2/mod/mod_proxy.html> must
be enabled in order to use this flag.
Whic is probably what you wanted from the beginning.


Also if you go André's way, you can do a
Redirect /secure https://yourdomain/secure

that should be faster than rewrite.

~Jorge


On Sat, Aug 1, 2009 at 12:24 PM, André Warnier <aw@ice-sa.com> wrote:

> /U wrote:
>
>> Apache: 2.2.0
>>
>> I need to
>>   a) require SSL on requests to /secure (i.e., http://server/secure ->
>> https://server/secure)
>>   b) and as the second step, offload (proxy) https://server/secure to
>> http://server:8080/secure
>>
>>  I don't know the details, but the following may work :
>
> You may need is 2 <VirtualHost> sections, as follows :
>
> main config :
> Listen *:80
> Listen *:443
>
> ...
> <VirtualHost *:80>
> ...
>
>  RewriteEngine On
>> RewriteLog  "/tmp/http.log"
>> RewriteLogLevel 9
>> RewriteCond %{SERVER_PORT}!443$
>> RewriteRule ^/secure(.*) https://%{HTTP_HOST}:443/secure$1 [R=301,L]
>>
>>  ...
> </VirtualHost>
>
> <VirtualHost *:443>
> .. your proxy stuff ..
> </VirtualHost>
>
> The general idea being :
> - the first VirtualHost acts as the default (and only) host for all
> requests to port 80.  If there is a request to /secure, it sends an external
> re-direct to the browser, re-directing it to HTTPS on port 443
> - the second VirtualHost acts as the default (and only) host on port 443.
>  It terminates SSL and proxies the requests to your Tomcat (I suppose) via
> HTTP.
> (Note that you could also use mod_jk or mod_proxy_ajp there, probably more
> efficiently.)
>
>
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>  "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>

Mime
View raw message