Hi Eric, I was wrong, this is what I see on my backends:
X-SSL: yes X-SSL-cipher: CAMELLIA256-SHA SSLv3 Kx=RSA Au=RSA Enc=Camellia(256) Mac=SHA1 X-Forwarded-For: 196.15.188.178 'X-SSL: yes' is a custom header I add in the ListenHTTPS, to tell the backends that the protocol is HTTPS. You can do the same way in ListenHTTP. The trick is to add a 'AddHeader "You-Custom-Header: value'. You probably need to use "RewriteLocation 2" if you intend to identify the protocol by the custom header, and do a redirect if protocol is not https. I can give you an example if you like You can also force the ciphers using "Ciphers" directive, see the man page for more information On Wed, Oct 21, 2009 at 3:34 AM, Eric B. <[email protected]> wrote: > Hi Mattias, > > Maybe I was misunderstanding the man page. I reread it, and indeed, I see > the statement that you wrote below. > > But does that mean that if the certificate is on the server, there is no > way > to determine which cipher the client used? > > Furthermore, is there any way to get additional information in the X- > headers? It would be nice to have X-forwarded-proto for instance (ie: http > or https), cipher, cipher strength, the proxy's ip address itself. > > Are additional headers such as those existant and/or configurable? > > Thanks, > > Eric > > > "Mattias Berge" <[email protected]> wrote in > message news:[email protected]... > > Is it in a ListenHTTP directive? About the X-SSL-cipher, it says "...if > it > > (the client) presents a client certificate Pound adds the following > > headers.." > > > > Post your config and pound version, you've probably added the AddHeader > > incorrectly > > > > > > On Fri, Oct 9, 2009 at 5:45 PM, Eric B. > > <[email protected]> wrote: > > > >> I didn't understand that I needed to do that based on the man pages, so > I > >> just tried it, but still get an unknown directive error: > >> > >> [r...@charliebrown ~]# /usr/sbin/pound > >> starting... > >> line 30: unknown directive "AddHeader X-SSL-cipher" - aborted > >> > >> I tried both > >> AddHeader X-SSL-cipher > >> and > >> AddHeader "X-SSL-cipher" > >> > >> in the config file, but neither seemed to work. > >> > >> According to the man pages, the X-SSL* headers are supposed to be > >> automaticcaly appended to the headers if it is an SSL request, but I > >> can't > >> seem to get any such headers added. > >> > >> Any ideas? > >> > >> Thanks, > >> > >> Eric > >> > >> "Mattias Berge" <[email protected]> wrote > >> in > >> message > >> news:[email protected]... > >> > Did you try 'AddHeader X-SSL-cipher'? > >> > > >> > On Fri, Oct 9, 2009 at 7:21 AM, Eric B. > >> > <[email protected]> wrote: > >> > > >> >> Hi, > >> >> > >> >> According to the man pages and the web site, the X-SSL-cipher is > added > >> if > >> >> the client connects via HTTPS. However, my redirected requests don't > >> >> seem > >> >> to contain any such headers even if the client is connecting via SSL. > >> >> > >> >> Additionally, according to the website, it says the X-SSL-cipher is > >> added > >> >> if > >> >> the HTTPSHeaders is set. I didn't find anything such instructions in > >> the > >> >> man pages, but tried adding it in anyhow. However, pound doesn't > >> >> start > >> >> up, > >> >> complaining that HTTPSHeaders 1 is an unknown directive. > >> >> > >> >> Has anybody used these headers before? Am I doing something wrong > >> trying > >> >> to > >> >> get them added to my requests? > >> >> > >> >> Thanks, > >> >> > >> >> Eric > >> >> > >> >> > >> >> > >> >> > >> >> -- > >> >> To unsubscribe send an email with subject unsubscribe to > >> >> [email protected]. > >> >> Please contact [email protected] for questions. > >> >> > >> > > >> > > >> > > >> > -- > >> > Mattias Berge > >> > Direct +46 (0)40-690 3825 > >> > > >> > > >> > -- > >> > To unsubscribe send an email with subject unsubscribe to > >> > [email protected]. > >> > Please contact [email protected] for questions. > >> > > >> > >> > >> > >> > >> -- > >> To unsubscribe send an email with subject unsubscribe to > >> [email protected]. > >> Please contact [email protected] for questions. > >> > > > > > > > > -- > > Mattias Berge > > Direct +46 (0)40-690 3825 > > > > > > -- > > To unsubscribe send an email with subject unsubscribe to > > [email protected]. > > Please contact [email protected] for questions. > > > > > > > -- > To unsubscribe send an email with subject unsubscribe to [email protected]. > Please contact [email protected] for questions. > -- Mattias Berge Direct +46 (0)40-690 3825 -- To unsubscribe send an email with subject unsubscribe to [email protected]. Please contact [email protected] for questions.
