Re: [Pound Mailing List] Redirect HTTP to HTTPS

Fri, 17 Dec 2010 23:49:51 -0800 

Hi,

Not exactly, but we use relative URL in the site.
Any way, my problem is when somebody click on http://portal.dominio.pri/privado/index.jsp, he should be redirected to https://portal.dominio.pri/privado/index.jsp but the "Location" header in the pound reply says "http://portal.dominio.pri/privado/index.jsp";. Of course, Pound redirect the browser again and again till firefox says there is a loop in my site.
So Pound is changing "https" with "http" in the redirect. However, if I change the host in Redirect directive it works perfectly. I mean with 

     Redirect "https://portal2.dominio.pri";
the "Location" header in the replay says "https://portal2.dominio.pri/privado/index.jsp"; 

Thanks for your help.

Regards,
Francisco


El 17/12/10 21:40, Alfonso Espitia escribió:

You added the header information, but in the application are you checking for 
the new header?

-----Original Message-----
From: Francisco Ruiz [mailto:[email protected]]
Sent: Friday, December 17, 2010 3:21 PM
To: [email protected]
Subject: Re: [Pound Mailing List] Redirect HTTP to HTTPS

Hi,

I'm doing something similar, but it doesn't work as I expected.  This is my 
configuration:

--------------------------------------------------------
ListenHTTP

    Address W.X.Y.Z
    Port 80

    RewriteLocation 2

    Service "PORTAL_REDIRECTHTTPS"
      HeadRequire "Host: portal\.dominio\.pri"
      URL "/privado/.*"
      Redirect "https://portal.dominio.pri";
    End

    Service "PORTAL"
      HeadRequire "Host: portal\.dominio\.pri"

      Backend
        Address A.B.C.D
        Port 80
      End
    End
End

ListenHTTPS

    Address W.X.Y.Z
    Port 443
    Cert "/etc/pound/cert/portal/portal.pem"

    ClientCert 3 9

    CAlist "/etc/pound/cert/ca/CApublicas.pem"
    VerifyList "/etc/pound/cert/ca/CApublicas.pem"

    NoHTTPS11 2

    # Add this header to inform the backend server that this comes from a https 
request
    AddHeader "X-Forwarded-HTTPS: on"
    AddHeader "X-Forwarded-Proto: https"

    Service "PORTAL_HTTPS"
      HeadRequire "Host: portal\.dominio\.pri"
      URL "/privado/.*"

      # Avoid SSL forgeries when client certificates used
      HeadDeny "X-SSL-Subject: .*"
      HeadDeny "X-SSL-Issuer: .*"
      HeadDeny "X-SSL-notBefore: .*"
      HeadDeny "X-SSL-notAfter: .*"
      HeadDeny "X-SSL-serial: .*"
      HeadDeny "X-SSL-cipher: .*"
      HeadDeny "X-SSL-certificate: .*"

      Backend
        Address O.P.Q.R
        Port 80
      End
    End
End
--------------------------------------------------------

I'm trying to force SSL when the client go into the URL "/privado/", but the 
location the browser recives when it is redirected is
"http://portal.domino.pri/privado/": Pound has switched https to http.
The browser is redirected several times and finally it says there must be a 
loop in my site.

I would apreciate your help and experience.

Regards,
Francisco


El 09/12/2010 21:12, Iain Barnett escribió:

Thanks very much for the help and the link.

Regards,
Iain


On 7 Dec 2010, at 13:51, Alfonso Espitia wrote:


I think other people have done it by adding headers in the config,
something like this:

http://www.apsis.ch/pound/pound_list/archive/2005/2005-08/11244427630
00

and then in the application, you can check for the headers and
redirect appropriately (if front-end-https:on then...else...)

--Alfonso

-----Original Message-----
From: Iain Barnett [mailto:[email protected]]
Sent: Monday, December 06, 2010 11:25 PM
To: [email protected]
Subject: [Pound Mailing List] Redirect HTTP to HTTPS

Hi,

I'm trying to use RewriteLocation to redirect HTTP to HTTPS on the
same server, but I'm failing and can't find a single example of how
to use this directive successfully. The man page hasn't illuminated me at all.

If anyone could share a link or an example to get me started I would
be very grateful.

Regards
Iain
--
To unsubscribe send an email with subject unsubscribe to [email protected].
Please contact [email protected] for questions.

--
To unsubscribe send an email with subject unsubscribe to [email protected].
Please contact [email protected] for questions.

--
To unsubscribe send an email with subject unsubscribe to [email protected].
Please contact [email protected] for questions.


--
To unsubscribe send an email with subject unsubscribe to [email protected].
Please contact [email protected] for questions.

--
To unsubscribe send an email with subject unsubscribe to [email protected].
Please contact [email protected] for questions.


--
To unsubscribe send an email with subject unsubscribe to [email protected].
Please contact [email protected] for questions.

Reply via email to