Hi Anne,

Next, in your application, check for the "X-SSL-Request: 1" header and have it redirect to https (you can do that in a simple HTTP root handler if you are running ASP.NET) when the header is not present or has an invalid value.

Someone else mentioned that you may have embedded links to "http://xxx", which is likely the case here. Do a global search/replace on "http://mydomain" (ABACRE Software has a good tool for this that runs on Windows).

Pound does not do the full-scale mod_rewrite capability that you are looking for. It has some miscellaneous commands that can get you going for simple rewrites. Otherwise, you could bind port 80 on a local Apache install and have it mod_rewrite to HTTPS.

-- Jake

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Mattias Berge
Sent: Tuesday, March 16, 2010 3:22 AM
To: [email protected]
Subject: Re: [Pound Mailing List] Problem with pound SSL

Maybe the backend returns a Location: header with http? If so, it can be solved with the RewriteLocation option.

On Tue, Mar 16, 2010 at 3:16 AM, Anne Moore <[email protected]> wrote:

> Hello All
>
> I'm setting up POUND for my entire corporation. We, however, cannot seem to
> get the SSL working correctly.
>
> Here's our setup:
>
> (Entire network is private):
>
> Clients >> POUND >> BackendServer1/BackendServer2
>
> Every time our users get directed to the backend servers, the first page is
> encrypted. However, all subsequent pages that the user clicks on are not.
> This is causing a major problem with our sensitive data. I'm also trying to
> get port 80 to automatically redirect to port 443. No luck with either one
> so far. Any help you can provide is greatly appreciated!
> Thank you - Anne
>
> Here's my pound.cfg:
>
> User "nobody"
> Group "nobody"
> RootJail "/usr/share/pound"
> Control "/var/run/pound/ctl_socket"
>
> # Main listening ports
> ListenHTTP
>     Address 192.168.1.12
>     Port 80
>     xHTTP 1
> End
> ListenHTTPS
>
>     Address 192.168.1.12
>     Port 443
>     Cert "/usr/share/ssl/certs/myserver.pem"
>     Ciphers "ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL"
>     xHTTP 1
>     HeadRemove "X-SSL-Request"
>     HeadRemove "X-Forwarded-For"
>     AddHeader "X-SSL-Request: 1"
> End
>
> # redirect all requests for /forbidden
> Service
>     Url "/forbidden.*"
>     Redirect "https://192.168.1.12/"
> End
>
> # Catch-all server(s)
> Service
>     BackEnd
>         Address 192.168.1.13
>         Port 7777
>     End
>     BackEnd
>         Address 192.168.1.14
>         Port 7777
>     End
>     Session
>         Type BASIC
>         TTL 300
>     End
> End
>
>
> --
> To unsubscribe send an email with subject unsubscribe to [email protected].
> Please contact [email protected] for questions.
>

--
Mattias Berge
Direct +46 (0)40-690 3825
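
The check described at the top of this thread (redirect to https unless "X-SSL-Request: 1" is present), combined with the http Location header problem raised in the reply, as an added example that is not from the original messages. A Python WSGI middleware stands in for the ASP.NET handler; `require_tls`, `demo_app`, `call` and `PUBLIC_HOST` are hypothetical names, and it assumes the backends are reachable only through Pound and that every listener strips a client-supplied X-SSL-Request header.

```python
from urllib.parse import quote, urlsplit, urlunsplit

PUBLIC_HOST = "192.168.1.12"  # Pound's listener address in the posted pound.cfg

def https_url(environ, host=PUBLIC_HOST):
    """https:// equivalent of the requested URL, on the configured host only."""
    path = quote(environ.get("PATH_INFO", "")) or "/"
    query = environ.get("QUERY_STRING", "")
    return "https://" + host + path + ("?" + query if query else "")

def require_tls(app, host=PUBLIC_HOST):
    """Hypothetical middleware: redirect unless Pound set X-SSL-Request: 1."""
    def middleware(environ, start_response):
        # Assumption: clients cannot set this header themselves (Pound strips it).
        if environ.get("HTTP_X_SSL_REQUEST", "").strip() != "1":
            # Header absent or invalid: the request did not come via ListenHTTPS.
            start_response("301 Moved Permanently",
                           [("Location", https_url(environ, host)),
                            ("Content-Length", "0")])
            return [b""]

        def fix_location(status, headers, exc_info=None):
            # A backend redirect to http://<host>/... would drop the user back
            # to plain HTTP after the first page; rewrite it to https.
            fixed = []
            for name, value in headers:
                if name.lower() == "location":
                    parts = urlsplit(value)
                    if parts.scheme == "http" and parts.netloc == host:
                        value = urlunsplit(parts._replace(scheme="https"))
                fixed.append((name, value))
            return start_response(status, fixed, exc_info)

        return app(environ, fix_location)
    return middleware

def demo_app(environ, start_response):
    """Constructed backend that redirects with an absolute http:// URL."""
    start_response("302 Found", [("Location", "http://192.168.1.12/home")])
    return [b""]

def call(app, path, query="", ssl_header=None):
    """Drive a WSGI app once and return (status, headers dict)."""
    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": path, "QUERY_STRING": query}
    if ssl_header is not None:
        environ["HTTP_X_SSL_REQUEST"] = ssl_header
    seen = {}
    app(environ, lambda status, headers, exc_info=None:
        seen.update(status=status, headers=dict(headers)))
    return seen["status"], seen["headers"]
```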
