httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Igor Cicimov <icici...@gmail.com>
Subject Re: [users@httpd] Redirect[Match] behind load-balancer switching protocols
Date Wed, 18 Nov 2015 02:57:35 GMT
Hi Christopher,

On Wed, Nov 18, 2015 at 8:06 AM, Christopher Schultz <
chris@christopherschultz.net> wrote:

> All,
>
> The docs for the Redirect directive state that a slash-prefixed
> replacement URL (relative) will use the current request's scheme and
> hostname to build the redirect URL.
>
> RedirectMatch doesn't say specifically, but what I'm observing is that:
>
> RedirectMatch permanent ^/$ /foo/
>
> ... when requesting https://hostname/, I get a redirect to
> http://hostname/foo/ <-- note the protocol switch from https to http.
>
> I'm running httpd 2.4.16 on Linux.
>
> This is an httpd instance which is sitting behind a load-balancer, so
> httpd isn't terminating SSL itself. The lb is providing the various
> X-Forwarded-* headers, and I have this configuration as well:
>
>     SetEnvIf X-Forwarded-Proto "https" HTTPS=On
>
> Is there another environment variable or other setting that I need to
> use in order to override httpd's protocol-detection?
>
> Thanks,
> -chris
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
Do you actually have some rewrite rules based on this variable then? Just
setting that variable does not make Apache switch to https protocol in the
response headers you need to actually tell it to use it. I do the following:

        RewriteEngine On
        RewriteCond %{HTTP_X_Forwarded_Proto}  ^https$
        RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R,L]

or just:

        RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [E=HTTPS:On,R,L]

if you wish to use the newly created HTTPS var.

Thanks,
Igor

Mime
View raw message