Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id 69ABD200C14 for ; Tue, 7 Feb 2017 14:01:29 +0100 (CET) Received: by cust-asf.ponee.io (Postfix) id 683FC160B4B; Tue, 7 Feb 2017 13:01:29 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id 899AE160B3E for ; Tue, 7 Feb 2017 14:01:28 +0100 (CET) Received: (qmail 54290 invoked by uid 500); 7 Feb 2017 13:01:27 -0000 Mailing-List: contact users-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: users@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list users@httpd.apache.org Received: (qmail 54280 invoked by uid 99); 7 Feb 2017 13:01:27 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd3-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 07 Feb 2017 13:01:27 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd3-us-west.apache.org (ASF Mail Server at spamd3-us-west.apache.org) with ESMTP id BC953181B6F for ; Tue, 7 Feb 2017 13:01:26 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd3-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 2.379 X-Spam-Level: ** X-Spam-Status: No, score=2.379 tagged_above=-999 required=6.31 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=2, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RCVD_IN_SORBS_SPAM=0.5, SPF_PASS=-0.001] autolearn=disabled Authentication-Results: spamd3-us-west.apache.org (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mx1-lw-eu.apache.org ([10.40.0.8]) by localhost (spamd3-us-west.apache.org [10.40.0.10]) (amavisd-new, port 10024) with ESMTP id 53ikzGjnAodJ for ; Tue, 7 Feb 2017 13:01:24 +0000 (UTC) Received: from mail-wm0-f51.google.com (mail-wm0-f51.google.com [74.125.82.51]) by mx1-lw-eu.apache.org (ASF Mail Server at mx1-lw-eu.apache.org) with ESMTPS id 9B80D5F254 for ; Tue, 7 Feb 2017 13:01:23 +0000 (UTC) Received: by mail-wm0-f51.google.com with SMTP id v77so153605283wmv.0 for ; Tue, 07 Feb 2017 05:01:23 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to; bh=5i7HUbX02A/mJNsAFh75jkhwp190NIvtLIY24ofgCPM=; b=ubRpoagZ0iF9+n2G0BTY/Q4808LyhGYOAkbIW3stsJFbGIj5aotmIOjLsXusFOwimJ T5YKVE5a9pQ0mbn0ujsOqPnaoVw8ENxPYGpmPsajjdASuiERZNh9POYFEC0dmQINYnju 9NSr4yjKOF4ALKAne1W4frZJ+1mXC4M1xDOvTTdTZW4LoPpdLUMcb2eZz5tDa1p9T9fp COPVaUpFUYYPq2Y/2P3UD11x9hvwg6jT9AybMANq/Hzj1kTtqbDo2+YEIriTWtafryaR 4yvCtKY47ayyPLG/fvvZGE6ZUj4vRhO1zcuQl1JK7LJd5xmR6cOgIswz7/ZM+/a0B6m3 CTIg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to; bh=5i7HUbX02A/mJNsAFh75jkhwp190NIvtLIY24ofgCPM=; b=E55Ja6TlS3qIxIxkvJk9yOk/SMoQpL50N+FJsQ2DUZh4+U118A/PahY7tLf8Ah9By3 9tlKWwei7KmicL0GQSmM6FnkBYVS6pW6dnmu7okOF0d2TNOWuJFW4xfW7a5Aibs9Dga1 sOmAyFjnZo/x6D67/AiMRkyyJTlXCzenlzYTJ3xhJgEE9jTIRiHBBRBXnLGAG3ioOjGZ K9tiKvuNGQgcePuK36jIHtcoQOTzKY29bS62AWzLTwTfydsdRugVfKcd/I5LNHc11Ji8 aqDzww0rKwfm75nUpsmrmnVEGJ43K1it9NEazRJ5YxdOgXTuBvsdeBi8xNFn38Eq2Jsg 31ig== X-Gm-Message-State: AMke39kGb/98P/2lmxEMkqLGLoYYIOWIVf2C4lObWoyiqe+tb8sgAIZzbdxeEe+3cVMsaTYvKglYpeeUAG25cA== X-Received: by 10.28.181.145 with SMTP id e139mr12193972wmf.127.1486472476616; Tue, 07 Feb 2017 05:01:16 -0800 (PST) MIME-Version: 1.0 Received: by 10.80.172.18 with HTTP; Tue, 7 Feb 2017 05:00:56 -0800 (PST) In-Reply-To: References: From: Daniel Date: Tue, 7 Feb 2017 14:00:56 +0100 Message-ID: To: "" , mj.kelleher@gmail.com Content-Type: multipart/alternative; boundary=001a1148e3aaf0134b0547f05798 Subject: Re: [users@httpd] Apache 2.2 mod_headers question archived-at: Tue, 07 Feb 2017 13:01:29 -0000 --001a1148e3aaf0134b0547f05798 Content-Type: text/plain; charset=UTF-8 It is perfectly normal for a backend that works with http to return internal Location headers with http. If apache is the backend of some other reverse proxy it is the job of that reverse proxy to use the correct url scheme requested by the client, that is, to revert the location headers back to "https" where that behaviour is needed. For instance, if the reverse proxy was Apache, it has a directive for that called ProxyPassReverse which does exactly that. Have you tried to "address this" in the reverse proxy where SSL termination is? 2017-02-07 4:40 GMT+01:00 mjk : > I have spent 8+hours scouring the web, reviewing the Apache Httpd > Cookbook, the Definitive Reference, and the 2.2 documentation for > mod_headers, mod_proxy and core. > > > CONFIGURATION: > Apache Version: > Server version: Apache/2.2.15 (Unix) > Server built: Jul 18 2016 15:24:00 > > SSL offloading happens before the requests gets to Apache, which proxies > http traffic to Apache on port 80. > > The Apache VirtualHost config in question does not have a ServerName or > ServerAlias configured, and is configured to listen on port 80. > > SITUATION > I have a Rewrite rule issuing a 301 redirect which uses flags [NC,R=301,L] > - which redirects to the correct hostname, but using http as the protocol. > > I have a mod_headers rule to try to deal with this: Header always edit > Location ^http://(.*) https://$1 > This rule is getting completely ignored. > > > If I add a wholly new Header like: Header always add SillyHeader > SillyHeaderValue > the header DOES get added. > > > Does anyone know why the "Header always edit" rule is getting ignored? > > Thank you, > > --mjk > -- *Daniel Ferradal* IT Specialist email dferradal at gmail.com linkedin es.linkedin.com/in/danielferradal --001a1148e3aaf0134b0547f05798 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
It is perfectly normal for a backend that works with = http to return internal Location headers with http.

If = apache is the backend of some other reverse proxy it is the job of that rev= erse proxy to use the correct url scheme requested by the client, that is, = to revert the location headers back to "https" where that behavio= ur is needed.

For instance, if the reverse proxy was Apa= che, it has a directive for that called ProxyPassReverse which does exactly= that.

Have you tried to "address this" = in the reverse proxy where SSL termination is?

2017-02-07 4:40 GMT+01:00 mjk <mj.kelleher@gmail.com>:
<= div dir=3D"ltr">
I have spent 8+hours scouring the web, reviewing the A= pache Httpd Cookbook, the Definitive Reference, and the 2.2 documentation f= or mod_headers, mod_proxy and core.


CONFIGURATION:
Apache Version:=C2=A0
Server v= ersion: Apache/2.2.15 (Unix)
Server built: =C2=A0 Jul 18 2016= 15:24:00

SSL offloading happens before the = requests gets to Apache, which proxies http traffic to Apache on port 80.

The Apache VirtualHost config in question does = not have a ServerName or ServerAlias configured, and is configured to liste= n on port 80.

SITUATION
I have a Rewrite= rule issuing a 301 redirect which uses flags [NC,R=3D301,L] - =C2=A0which = redirects to the correct hostname, but using http as the protocol.

I have a mod_headers rule to try to deal with this: =C2=A0= Header always edit Location ^http://(.*) https://$1
This rule is= getting completely ignored.


If I a= dd a wholly new Header like: =C2=A0 =C2=A0Header always add SillyHeader Sil= lyHeaderValue
the header DOES get added.

=

Does anyone know why the =C2=A0 "Header always edi= t" =C2=A0 rule is getting ignored?

Thank you,=

--mjk



--
Daniel F= erradal
IT Specialist

=
<= div>email =C2=A0 =C2=A0 =C2=A0 =C2=A0 dferradal=C2=A0at gmail.com
--001a1148e3aaf0134b0547f05798--