httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Igor Cicimov <icici...@gmail.com>
Subject Re: [users@httpd] Apache modifies URL when offloading SSL
Date Fri, 29 Jun 2012 05:07:35 GMT
Hmmm this

- apache changes the url to
http://www.mydomain.com/administrator/.<http://www.mydomain.com/administrator/>
> ..


doesn't make sense to me in your scenario. Since you are offloading the SSL
on the proxy all the communication between the proxy and apache is over
HTTP not SSL. So the request already comes to apache as http://... Then
Squid should send that back to the client via SSL. Looks like reverse proxy
issue to me. In apache as reverse proxy you need to have something like:

ProxyRequest off
ProxyPass / http://apache/
ProxyPassReverse / http://apache/

I'm not sure about Squid as I've never used it.

Igor

On Fri, Jun 29, 2012 at 1:28 PM, Clinton J. Campbell <
clinton.campbell@gmail.com> wrote:

> I've been searching archives and other forums, and though I've found
> others who have asked similar questions, I haven't found a solution yet.
>
> I currently have an Apache server that sits behind a Squid Reverse Proxy.
> The Apache server runs two virtual hosts, a Joomla website and a WebDav
> directory for file sharing with customers. The Squid proxy serves several
> functions, including enforcing the requirement that any sensitive pages are
> served to the user over SSL.
>
> When running unencrypted, everything works fine. Squid forwards the
> request to Apache and the response to the user. However, when the user
> tries to connect via SSL, things start to fall apart behind the scenes.
> I'll illustrate with a typical scenario:
>
> - user enters https://www.mydomain.com/administrator to access Joomla
> administration page
> - connection succeeds and user is presented with login page
> - user enters credentials and submits
> - apache changes the url to http://www.mydomain.com/administrator/...
> - connection fails
>
> In some cases, I can manually change the URL back and proceed to access
> most parts of the site.  Some functionality remains broken.  Moreover, this
> problem completely breaks WebDav access on Windows clients.
>
> I've tried a variety of configurations on the proxy to work around or
> avoid the problem; however, I've had no luck. The optimal solution would be
> to find a way to keep Apache from rewriting the URL, but I've not been able
> to track down a configuration that accomplishes this.  Any suggestions?
>
> Thanks in advance!
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>

Mime
View raw message