Hi
I was (well not so systematically, but still) testing the jetty
proxying scaffold.
It's working quite nicely. Thanks Jörn, for setting this up!
three things:
1) When a document has the ssl-switch on for auth_live, and the user
clicked on let's say
https://www.example.com/lenya/customer/live/ssl-protected.html
the user stays on www.example.com/lenya/customer/live/... (the other
links are not namedhttp://customer.example.com/... but https://www.example.com/
too).
Is the reason for this that if the other links would be http://
customer... a mixed content http / https warning would appear?
2) The login event is not (yet) rewritten to ssl:
The following rule could go into the customer.example.com section:
# Redirect the login usecase to https
RewriteCond %{QUERY_STRING} (.*)lenya\.usecase=ac\.login(.*)
RewriteRule ^/(.*) https://www.example.com/lenya/customer/live/$1
[R,L]
(adapted from
http://lenya.apache.org/docs/2_0_x/tutorials/proxy/mod_proxy_ajp.html)
A switch back to http://customer.example.com/$1 would be nice for non
ssl live page logins...
3) I'm still studying the differences between the the proxy_ajp docu
and the proxy rules in the scaffold - is there any servlet container
specific stuff in one of these? If not, a single rule set would
confuse less, I think (at least in my case ;-)).
Thanks and good night.
Jürgen
