Hi Brad
Thanks for the tip re. the request collection. In fact (my
observation is) Active4D does not directly determine the nature of
the request but is dependent on 4D for this via the function "Secured
Web connection".
Upon this function returning true, the request info collection is
populated with a value of 443 for the port ID and passed to Active4D
via 'A4D Execute 4D request', so the whole thing is dependent on what
can be determined from the parameters passed to the 'On Web
Connection' method in 4D.
Solutions that would suit me would be:
A] Switch off listening on port 443 in Apache so all secure requests
get served directly by 4D (then I don't need to worry any more about
it - the secure traffic is very small compared with the rest)
B] Configure the Apache rewrite rules so that 4D (and subsequently
Active4D could detect that a particular request came in on the secure
port)
I haven't been able to get A working in a way that 4D detects a
secure connection and I don't know enough about rewriting to do B yet
so I'm stumped at the moment and am doing a lot of reading :)
Regards
Peter
On 29 Jan 2008, at 22:33, Brad Perkins wrote:
Peter,
I'm not sure if this will help, but there is a special value in the
request info collection that will tell if the request is secure.
I just did an active4D.console.dump request info and I see
*secure: "0"
I'm not running on an SSL machine, but I am proxying through Apache.
If that value still returns "0" in an SSL setup, I wouldn't be
surprised if there is a way to set a custom header in your rewrite
rule that you could use to determine forwarded from SSL.
You may also be able to determine this by the presence (or
abscence) of X-Forwarded-For or X-Forwarded-Host headers.
-- Brad Perkins
Peter Jakobsson wrote:
Steve -
I am a bit stumped at how best to handle SSL connections with
Apache in front at the moment.
Can you tell us if 4D or Apache is actually doing the encryption ?
It looks like Apache from your rewrite code. Do you have the
'real' certificate files configured in Apache ?
The problem I would have with this configuration is that if
Active4D is being passed SSL requests on a port other than 443, it
thinks they're not secure and the logic which tests for the secure
port breaks.
I am seem able to get secure requests served just using the code
in the Active4D Wiki, but "get request value(string(A4D Request
Host Port))" returns 8080 instead of 443 so I assume Apache is
rewriting everything to 4D's non-secure port at the moment.
Peter
On 28 Jan 2008, at 13:49, Steve Alex wrote:
On Jan 28, 2008, at 5:23 AM, Peter Jakobsson wrote:
I was wondering how SSL requests are handled in the situation
where Apache is in front of 4D.
I have it (apparently) working using the configurations in the
Wiki, however I can't understand how the response can be
encrypted when:
- all dynamic requests are arriving at 4D on port 8080 and not
443 (including I suppose secure ones)
- Apache doesn't know where the key files are
Do I have to specifically handle secure requests in the apache
rewrite rules or somehow let Apache know where the key files are
located ? i.e. does 4D still handle the encryption or does Apache ?
Don't know if this is the right way, but we set up virtual hosts
in the ssl.conf that listens on port 443
<VirtualHost *:443>
SSLEngine on
ServerName jobs2.aidt.edu
ServerAdmin [EMAIL PROTECTED]
ErrorLog logs/jobs2.aidt.edu-error_log
CustomLog logs/jobs2.aidt.edu-access_log common
SSLCertificateFile ...
SSLCertificateKeyFile ...
SSLCertificateChainFile ...
ProxyPass / http://jobs2.aidt.edu:8010/
ProxyPassReverse / http://jobs2.aidt.edu:8010/
</VirtualHost>
In virtual hosts, all port 80 traffic is rewritten to https.
Steve Alex
_______________________________________________
Active4D-dev mailing list
[email protected]
http://mailman.aparajitaworld.com/mailman/listinfo/active4d-dev
Archives: http://mailman.aparajitaworld.com/archive/active4d-dev/
_______________________________________________
Active4D-dev mailing list
[email protected]
http://mailman.aparajitaworld.com/mailman/listinfo/active4d-dev
Archives: http://mailman.aparajitaworld.com/archive/active4d-dev/
_______________________________________________
Active4D-dev mailing list
[email protected]
http://mailman.aparajitaworld.com/mailman/listinfo/active4d-dev
Archives: http://mailman.aparajitaworld.com/archive/active4d-dev/
_______________________________________________
Active4D-dev mailing list
[email protected]
http://mailman.aparajitaworld.com/mailman/listinfo/active4d-dev
Archives: http://mailman.aparajitaworld.com/archive/active4d-dev/
