Return-Path: X-Original-To: apmail-httpd-users-archive@www.apache.org Delivered-To: apmail-httpd-users-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 93B9CDFA9 for ; Sun, 1 Jul 2012 07:40:40 +0000 (UTC) Received: (qmail 89516 invoked by uid 500); 1 Jul 2012 07:40:37 -0000 Delivered-To: apmail-httpd-users-archive@httpd.apache.org Received: (qmail 89294 invoked by uid 500); 1 Jul 2012 07:40:36 -0000 Mailing-List: contact users-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: users@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list users@httpd.apache.org Received: (qmail 89259 invoked by uid 99); 1 Jul 2012 07:40:34 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 01 Jul 2012 07:40:34 +0000 X-ASF-Spam-Status: No, hits=-0.7 required=5.0 tests=RCVD_IN_DNSWL_LOW,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of clinton.campbell@gmail.com designates 209.85.160.45 as permitted sender) Received: from [209.85.160.45] (HELO mail-pb0-f45.google.com) (209.85.160.45) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 01 Jul 2012 07:40:28 +0000 Received: by pbbro12 with SMTP id ro12so7638518pbb.18 for ; Sun, 01 Jul 2012 00:40:07 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=date:from:to:message-id:in-reply-to:references:subject:x-mailer :mime-version:content-type:content-transfer-encoding :content-disposition; bh=9IHcYwaMjvgZcqJNIrkQQ2xLVA6oFm1e9O2CYj5lAWY=; b=IShPlo464+44VjhKLp5ANLTQZDg+KFs3HCaQp0I/UcGn3b3VxNDfmpds8qhBGafFZp JicI4HDKv9VJEZwWuzaxV+0jPatRgti7uc+4j6rh0Y5xfD95udoycRY4GCktirx6bQiX oc2YIFdsDoaElNcpQAaPUXDDVXjzPgi1bYgEqq68G+hheZN9BuujG0lweKZ+4WDsMvfg 4WeyrX4TT8lJ7nL/eYr40URuokwVSLEZ5lLKDBWfpRpbTIqVdnmYPHxaLg6+SCTRILrT TJryD9UNwuE3GnEhIl8l/VTS9qO3s3lRrjYoxoJizyN0cIjh635I+rqd3NeEvcTaOkt/ PtXw== Received: by 10.68.213.7 with SMTP id no7mr19515855pbc.3.1341128407900; Sun, 01 Jul 2012 00:40:07 -0700 (PDT) Received: from [10.0.1.87] (c-24-18-212-114.hsd1.wa.comcast.net. [24.18.212.114]) by mx.google.com with ESMTPS id ua6sm9988132pbc.20.2012.07.01.00.40.05 (version=TLSv1/SSLv3 cipher=OTHER); Sun, 01 Jul 2012 00:40:06 -0700 (PDT) Date: Sun, 1 Jul 2012 00:40:07 -0700 From: "Clinton J. Campbell" To: users@httpd.apache.org Message-ID: <98DF8BB87506432ABBEF1B4835177F98@gmail.com> In-Reply-To: <4FEDDD14.9090501@primary.net> References: <4FEDDD14.9090501@primary.net> X-Mailer: sparrow 1.6.1 (build 1081.52) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Content-Disposition: inline X-Virus-Checked: Checked by ClamAV on apache.org Subject: Re: [users@httpd] Apache modifies URL when offloading SSL Thanks for the tip Daniel. I ran some more tests while monitoring httpd logs followed by a similar set of tests monitoring the Squid logs with debugging turned on. What I've found is that the connection is initially handled correctly until credentials are posted. At this point, httpd sends an HTTP 303 pointing to the modified URI. - From browser to squid, the connection is https. The URI in the initial HTTP request is https://www.mydomain.com/administrator. - From squid to httpd, the connection is http. The URI passed in the HTTP request is still https://www.mydomain.com/administrator/index.php. - Httpd responds correctly to the request returning the login page. Squid passes the result back to the browser. - User enters credentials, browser POST to squid. Squid reviews the request, forwards to httpd. - Httpd replies with HTTP 303, Location: http://www.mydomain.com/administrator/index.php. - Squid forwards reply to browser, which now connects to squid via http. Connection fails per policy. I know that this is not an unusual combo, fronting an unencrypted httpd with a proxy accepting connections over https, and the server seems to handle receiving https URI's within headers for GET requests. So I guess I'm still curious whether there is a way to configure httpd to prevent the redirection to http on the POST? There's one remaining twist in the logs, that also makes me wonder if the problem is coming from Joomla. I ran a scenario lifting the restriction to https and I connected unencrypted to the server. After the POST, the server responds in the same fashion, with an HTTP 303. Is this a standard pattern for httpd with POST requests or is it something that is likely being triggered by the application? Appreciate the help! Clinton On Friday, June 29, 2012 at 9:51 AM, Daniel Ruggeri wrote: > On 6/29/2012 11:43 AM, Clinton J. Campbell wrote: > > I'm trying to configure the logs so that I can confirm whether this is generated by Apache or not. Any tips? > > > > mod_dumpio is the place to be for debugging this kind of stuff. All > input and output will get logged to show you exactly what httpd is > reading and writing. > > -- > Daniel Ruggeri > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org (mailto:users-unsubscribe@httpd.apache.org) > For additional commands, e-mail: users-help@httpd.apache.org (mailto:users-help@httpd.apache.org) --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org For additional commands, e-mail: users-help@httpd.apache.org