Juergen Ragaller wrote:
Hi

I was (well not so systematically, but still) testing the jetty proxying scaffold.

It's working quite nicely. Thanks Jörn, for setting this up!

three things:

1) When a document has the ssl-switch on for auth_live, and the user clicked on let's say
https://www.example.com/lenya/customer/live/ssl-protected.html
the user stays on www.example.com/lenya/customer/live/... (the other links are not named http://customer.example.com/... but https://www.example.com/ too).

ACK. i've seen that too. does it work for anyone else? i have the feeling that it's a missing feature in the proxy transformer...

Is the reason for this that if the other links would be http://customer... a mixed content http / https warning would appear?

don't think so. mixed content only pops up if other media such as images on the same page are non-ssl. non-ssl links will just cause a "you are leaving an ssl-encrypted page" warning, which is fine.

2) The login event is not (yet) rewritten to ssl:

The following rule could go into the customer.example.com section:

 # Redirect the login usecase to https
 RewriteCond %{QUERY_STRING} (.*)lenya\.usecase=ac\.login(.*)
 RewriteRule ^/(.*) https://www.example.com/lenya/customer/live/$1 [R,L]

(adapted from
http://lenya.apache.org/docs/2_0_x/tutorials/proxy/mod_proxy_ajp.html)

A switch back to http://customer.example.com/$1 would be nice for non ssl live page logins...

yeah, needs to be done. the apache config has a redirect to ssl for the entire authoring area, but it's deactivated for testing. will that do, or would you rather have the specific login redirect?

3) I'm still studying the differences between the proxy_ajp docu and the proxy rules in the scaffold - is there any servlet container specific stuff in one of these? If not, a single rule set would confuse less, I think (at least in my case ;-)).

my approach was to start from scratch, to make sure i understand what i'm doing. i think andreas' docs are more comprehensive, but they may contain some legacy cruft (haven't really checked though.) let's try and put production best practices into the web docs, and keep the proxytesting README very basic (it probably does the job as it is) - it's mostly for regression testing, hence it should be somewhat standardized. if you find confusing stuff in there, let me know and we'll clean it up. probably needs some more comments...



--
Jörn Nettingsmeier

"One of my most productive days was throwing away 1000 lines of code."
  - Ken Thompson.
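
The distinction made in the reply to point 1 (plain-http images on an SSL page are mixed content, plain-http links are only navigation away from SSL) can be checked mechanically. The following Python sketch is an added example, not code from the thread or from Lenya; the sample page, its paths and the tag list are constructed assumptions, and the tag list is not exhaustive.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag/attribute pairs the browser fetches while rendering the page (not exhaustive).
SUBRESOURCE_ATTRS = {
    ("img", "src"), ("script", "src"), ("iframe", "src"),
    ("audio", "src"), ("video", "src"), ("source", "src"),
}
# Pairs that are only followed when the user navigates.
NAVIGATION_ATTRS = {("a", "href"), ("area", "href")}


class MixedContentScanner(HTMLParser):
    """Collects plain-http references found in a page served over https."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.mixed = []        # http subresources: mixed content
        self.leaving_ssl = []  # http links: navigation away from SSL only

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if not value:
                continue
            # Resolve relative references against the page URL first,
            # so relative paths inherit the https scheme.
            target = urljoin(self.page_url, value)
            if urlsplit(target).scheme != "http":
                continue
            if (tag, name) in SUBRESOURCE_ATTRS:
                self.mixed.append(target)
            elif (tag, name) in NAVIGATION_ATTRS:
                self.leaving_ssl.append(target)


def scan(page_url, html):
    """Return (mixed_content_urls, plain_http_link_urls) for one page."""
    scanner = MixedContentScanner(page_url)
    scanner.feed(html)
    scanner.close()
    return scanner.mixed, scanner.leaving_ssl


# Constructed sample: an SSL-protected live page with one http link and one http image.
SAMPLE_URL = "https://www.example.com/lenya/customer/live/ssl-protected.html"
SAMPLE_HTML = """<html><body>
<a href="http://customer.example.com/index.html">Home</a>
<a href="other.html">Other</a>
<img src="http://customer.example.com/images/logo.png">
<img src="images/photo.png">
</body></html>"""
```

Running `scan(SAMPLE_URL, SAMPLE_HTML)` over proxied output shows whether the link rewriting leaves any subresource on plain http, which is the case that triggers the browser warning.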
