httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dave Shevett <shev...@pobox.com>
Subject [users@httpd] ProxyPassReverse using rewrite to go BACK to SSL?
Date Tue, 05 Feb 2013 14:40:22 GMT
Hi folks, I've come a long way understanding how ProxyPassReverse is 
supposed to work, and in many ways it's doing exactly what I want it to 
do - it rewrites the URLs on returning redirects to match a specific 
pattern.

However, my problem is I want to rewrite the protocol side of the URL, 
not just the path.  I need to change it from 'http' to 'https'.

Here's the situation.

My application is hosted in AWS, and we're using ELB (the load balancer) 
to act as an SSL endpoint.  This means that queries to 
https://eventj.com/customer/ come from the browser as SSL, but hit 
Apache via HTTP on port 80.  ProxyPass is working correctly to forward 
that into Tomcat, and returned traffic is correct.

However.

If a redirect happens in Tomcat (which the application does on a regular 
basis, say to redirect to a login page), the redirect comes back as a 
non-SSL request (503 http://eventj.com/customer/).

This rule is what I'm using in my proxy:

         # customer
         ProxyPass /customer/ ajp://10.122.103.207:8009/customer/
         ProxyPassReverse /customer/  http://eventj.com/customer

I've tried adding this to the responses:
         RequestHeader set X-Forwarded-Protocol "https"

but no dice.

I've tried doing things like "ProxyPassReverse 
https://eventj.com/customer/ http://eventj.com/customer" but that 
results in a mangled URL of 
'http://eventj.com/https://eventj.com/customer/customer' or something 
like that (I don't have the exact result.  It didn't work :)

How can i use proxypassreverse (or something similar) to ensure that my 
traffic doesn't get redirected out of ALL SSL, ALL the time?

Thanks!

     -d

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message