On Tue, 2007-06-26 at 12:13 +0200, Andreas Hartmann wrote:
> Andreas Hartmann wrote:
> > Thorsten Scherler wrote:
> >> On Tue, 2007-06-12 at 18:17 +0200, Andreas Hartmann wrote:
> >>> Hi Lenya devs,
> >>>
> >>> I'm a bit confused how the proxy configuration works
> >>>
> >>> ATM we have something like this:
> >>>
> >>> <proxies ssl="false" root="...">
> >>>   <proxy area="live" ssl="true" url="..."/>
> >>>   <proxy area="live" ssl="false" url="..."/>
> >>>   <proxy area="authoring" ssl="true" url="..."/>
> >>>   <proxy area="authoring" ssl="false" url="..."/>
> >>> </proxies>
> >>>
> >>> Why does the <proxies> element with ssl=false have
> >>> children with ssl=true?
> >> http://marc.info/?l=lenya-dev&m=118036330826401&w=2
> >> "Yes, all urls outside of areas are not ssl protected by default (at
> >> least that is my understanding). Actually one can even get rid of the
> >> @ssl. The ssl checkbox in the ac is the one that determines whether a
> >> url is ssl protected or not but you cannot have ac for the global stuff
> >> ATM and AFAIR."
> >
> > But IIUC this would lead to the infamous "This page contains insecure
> > components" messages, wouldn't it? If a page is served through SSL,
> > all images, CSS etc. it references also have to be served through
> > SSL.
>
> I have now configured Apache2 with SSL as a proxy for Tomcat. The login
> usecase is redirected to SSL. This results in the message I mentioned:
>
> "You have requested an encrypted page that contains some
> unencrypted information. [...]"
>
> To avoid this, we'd have to use a global SSL proxy URL for the CSS and
> image URLs. IMO we should use the SSL variants of all outgoing links
> on an SSL-encrypted page by default.
>
> WDYT?

this.ssl = _request.isSecure();

You mean something like this in the setup method of the proxyTransformer?

salu2
-- 
Thorsten Scherler thorsten.at.apache.org
Open Source Java consulting, training and solutions
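
An added illustration (not part of the thread and not Lenya code) of the idea discussed above: pick the proxy variant from the scheme of the current request, then check the rendered page for subresources that would still be fetched without SSL. The proxy table, hostnames and all function names are assumptions constructed for this example.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed proxy table: (area, ssl) -> base URL. Area None stands for the
# global resources (CSS, images) outside any area. Hostnames are placeholders.
PROXIES = {
    (None, False): "http://www.example.test",
    (None, True): "https://www.example.test",
    ("live", False): "http://www.example.test/live",
    ("live", True): "https://www.example.test/live",
}

def proxy_url(area, path, ssl):
    """Return the proxied URL for a path, using the SSL or non-SSL variant."""
    return PROXIES[(area, ssl)] + path

def render_login(request_secure, follow_request):
    """Build a tiny page; follow_request=False mimics a fixed non-SSL setting."""
    ssl = request_secure if follow_request else False
    css = proxy_url(None, "/css/page.css", ssl)
    img = proxy_url(None, "/images/logo.png", ssl)
    link = proxy_url("live", "/index.html", ssl)
    return (f'<html><head><link rel="stylesheet" href="{css}"></head>'
            f'<body><img src="{img}"><a href="{link}">Home</a></body></html>')

class SubresourceCollector(HTMLParser):
    """Collect URLs the browser fetches while rendering (not <a> links)."""
    FETCHED = {("link", "href"), ("img", "src"), ("script", "src")}

    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if (tag, name) in self.FETCHED and value:
                self.urls.append(value)

def insecure_subresources(html, page_secure):
    """Return subresources that would trigger the browser's warning."""
    if not page_secure:
        return []
    collector = SubresourceCollector()
    collector.feed(html)
    return [u for u in collector.urls if urlparse(u).scheme == "http"]
```
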
