Re: [Pound Mailing List] Redirect HTTP to HTTPS

Fri, 17 Dec 2010 12:28:45 -0800 

Hi,
I'm doing something similar, but it doesn't work as I expected. This is my configuration: 

--------------------------------------------------------
ListenHTTP

  Address W.X.Y.Z
  Port 80

  RewriteLocation 2

  Service "PORTAL_REDIRECTHTTPS"
    HeadRequire "Host: portal\.dominio\.pri"
    URL "/privado/.*"
    Redirect "https://portal.dominio.pri";
  End

  Service "PORTAL"
    HeadRequire "Host: portal\.dominio\.pri"

    Backend
      Address A.B.C.D
      Port 80
    End
  End
End

ListenHTTPS

  Address W.X.Y.Z
  Port 443
  Cert "/etc/pound/cert/portal/portal.pem"

  ClientCert 3 9

  CAlist "/etc/pound/cert/ca/CApublicas.pem"
  VerifyList "/etc/pound/cert/ca/CApublicas.pem"

  NoHTTPS11 2


  # Add this header to inform the backend server that this comes from a 
https request

  AddHeader "X-Forwarded-HTTPS: on"
  AddHeader "X-Forwarded-Proto: https"

  Service "PORTAL_HTTPS"
    HeadRequire "Host: portal\.dominio\.pri"
    URL "/privado/.*"

    # Avoid SSL forgeries when client certificates used
    HeadDeny "X-SSL-Subject: .*"
    HeadDeny "X-SSL-Issuer: .*"
    HeadDeny "X-SSL-notBefore: .*"
    HeadDeny "X-SSL-notAfter: .*"
    HeadDeny "X-SSL-serial: .*"
    HeadDeny "X-SSL-cipher: .*"
    HeadDeny "X-SSL-certificate: .*"

    Backend
      Address O.P.Q.R
      Port 80
    End
  End
End
--------------------------------------------------------


I'm trying to force SSL when the client go into the URL "/privado/", but 
the location the browser recives when it is redirected is 
"http://portal.domino.pri/privado/": Pound has switched https to http. 
The browser is redirected several times and finally it says there must 
be a loop in my site.


I would apreciate your help and experience.

Regards,
Francisco


El 09/12/2010 21:12, Iain Barnett escribió:

Thanks very much for the help and the link.

Regards,
Iain


On 7 Dec 2010, at 13:51, Alfonso Espitia wrote:


I think other people have done it by adding headers in the config,
something like this:

http://www.apsis.ch/pound/pound_list/archive/2005/2005-08/1124442763000

and then in the application, you can check for the headers and redirect
appropriately (if front-end-https:on then...else...)

--Alfonso

-----Original Message-----
From: Iain Barnett [mailto:[email protected]]
Sent: Monday, December 06, 2010 11:25 PM
To: [email protected]
Subject: [Pound Mailing List] Redirect HTTP to HTTPS

Hi,

I'm trying to use RewriteLocation to redirect HTTP to HTTPS on the same
server, but I'm failing and can't find a single example of how to use
this directive successfully. The man page hasn't illuminated me at all.

If anyone could share a link or an example to get me started I would be
very grateful.

Regards
Iain
--
To unsubscribe send an email with subject unsubscribe to [email protected].
Please contact [email protected] for questions.

--
To unsubscribe send an email with subject unsubscribe to [email protected].
Please contact [email protected] for questions.


--
To unsubscribe send an email with subject unsubscribe to [email protected].
Please contact [email protected] for questions.



--
To unsubscribe send an email with subject unsubscribe to [email protected].
Please contact [email protected] for questions.






















					Reply via email to