Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id 95E09200C05 for ; Mon, 23 Jan 2017 23:07:28 +0100 (CET) Received: by cust-asf.ponee.io (Postfix) id 92FFC160B49; Mon, 23 Jan 2017 22:07:28 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id DE0E2160B3C for ; Mon, 23 Jan 2017 23:07:27 +0100 (CET) Received: (qmail 5255 invoked by uid 500); 23 Jan 2017 22:07:26 -0000 Mailing-List: contact users-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: users@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list users@httpd.apache.org Received: (qmail 5245 invoked by uid 99); 23 Jan 2017 22:07:26 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd4-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 23 Jan 2017 22:07:26 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd4-us-west.apache.org (ASF Mail Server at spamd4-us-west.apache.org) with ESMTP id 98D7BC129E for ; Mon, 23 Jan 2017 22:07:25 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd4-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 0.999 X-Spam-Level: X-Spam-Status: No, score=0.999 tagged_above=-999 required=6.31 tests=[KAM_LAZY_DOMAIN_SECURITY=1, SPF_HELO_PASS=-0.001] autolearn=disabled Received: from mx1-lw-eu.apache.org ([10.40.0.8]) by localhost (spamd4-us-west.apache.org [10.40.0.11]) (amavisd-new, port 10024) with ESMTP id 73RO_E-qgSb7 for ; Mon, 23 Jan 2017 22:07:23 +0000 (UTC) Received: from mailbox.servedge.com (72.103.82.208.static.ipv4.dnsptr.net [208.82.103.72]) by mx1-lw-eu.apache.org (ASF Mail Server at mx1-lw-eu.apache.org) with ESMTPS id 4E96A5FC1E for ; Mon, 23 Jan 2017 22:07:23 +0000 (UTC) Received: (qmail 26668 invoked by uid 513); 23 Jan 2017 16:07:14 -0600 Received: from pool-74-96-79-133.washdc.fios.verizon.net (HELO Christophers-iMac.local) (chris@christopherschultz.net@74.96.79.133) by mailbox.servedge.com with AES128-SHA encrypted SMTP; 23 Jan 2017 16:07:14 -0600 To: "users@httpd.apache.org" From: Christopher Schultz Message-ID: <79205131-6915-469f-b583-9e13b60ee50e@christopherschultz.net> Date: Mon, 23 Jan 2017 17:07:13 -0500 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:45.0) Gecko/20100101 Thunderbird/45.6.0 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit Subject: [users@httpd] Configuring redirects httpd behind a TLS-terminating proxy archived-at: Mon, 23 Jan 2017 22:07:28 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 All, I've got an EC2 instance behind a load balancer where TLS is being terminated. I've arranged for two separate httpd (2.4.25) VirtualHosts: one for the secure connections (proxied from the lb) and another for the non-secure connections. I have a Redirect directive that isn't behaving as I'd like it to behave : RedirectMatch permanent ^/$ /site/ I have the same redirect in both VirtualHosts. The redirect itself works, but it doesn't preserve the secure-protocol when I'm using the secure VirtualHost. I have this directives to attempt to set the HTTPS environment variable: # Handle ELB requests; maintain client information SetEnvIf X-Forwarded-Proto "https" HTTPS=On SetEnvIf X-Forwarded-Port "(.*)" JK_LOCAL_PORT=$1 I can confirm that ELB is in fact sending the "X-Forwarded-Proto: https" header to my httpd instance. I can also see that the HTTPS environment variable is in fact being set to "On" when I make a request. I'm expecting httpd to redirect a request from "https://www.example.com/" to "https://www.example.com/site/" but instead I'm getting redirected to "http://www.example.com/site/". Can anyone see anything wrong with my configuration? Or do I have a misunderstanding of how RedirectMatch will built its relative URLs? I'd expect the redirects to be protocol-relative, but even though HTTPS=On, the request from the LB is actually using HTTP and not HTTPS. Am I not able to override the protocol by setting the HTTPS environment variable? Do I have to build an absolute redirect using other environment variable s? - -chris -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJYhn6RAAoJEBzwKT+lPKRYPGgQAJxY2qq2wAxhzV21iQJFz/qz vviFasPk17/ezD7ZGM1yHuxOrTrZRglvIRUXrRB3MWBX55fX11NsryxfKNigxOpw TXtmJQNAScvXZfGdSVkVNcSNHN6FWKE+QRNhtPNhVoyxWP1fUdc00bzFCX3PDvoo +8ASJJDV+0Qy5O0IlVv4B1uBnfzhVaxBgi2UYzGF8jyrbgUXHUA9R14FtXN6DNqw Q4UKBXD6W5wS1zPYep9oHs0aqQIycvAXTFB20dwfaZ/Qft/wED2ACNOg60hRtQ3x tP57zjEQqxzHKPHsTYaM4k6so69lIL9uoNUBgN1Q/Eqyl+ufF13y2EasjL4Y2Svz qUFzyP85xFHTxnR8QvAYvmL4jqrf2ynZWnKHLDoVs1y9BOb0Iv4/8EWqcaIOG4QF MlUxoSY32Z/BA3oxkE3pTzzqeyjZTY3ITMtdNDFMWFoDa3iTDBFNjfcUOYJSuaZx 7Q9A7NYtMpTFvTxVpQmz+PFkVpDqmF/xxHO/B9LaPcjTCWqqYU+m5/GTugW/pcoH LVKfiPEbAYkjmOIR/+BE2x2YU4PglTIrzKfB2MlyHq/3qU3/SNvL+qM0xs6V1tdN OtLx83lrEKecuqiH3A6zGPpcKqzdCGCMJxbg/jq5QJXMLs3/sSYyo15EjUEQYfjZ Wn+RdQYSpwcWQ8eoLQVF =mJ4i -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org For additional commands, e-mail: users-help@httpd.apache.org