Re: [Pound Mailing List] Redirect HTTP to HTTPS

Sat, 18 Dec 2010 08:50:44 -0800 

Try using the RewriteLocation directive, or fix the backend so that
links go to the proper protocol.

Regards,
--
Dave Steinberg

On 12/18/2010 2:10 AM, Francisco Ruiz wrote:

Hi,

Not exactly, but we use relative URL in the site.

Any way, my problem is when somebody click on
http://portal.dominio.pri/privado/index.jsp, he should be redirected to
https://portal.dominio.pri/privado/index.jsp but the "Location" header
in the pound reply says "http://portal.dominio.pri/privado/index.jsp";.
Of course, Pound redirect the browser again and again till firefox says
there is a loop in my site.

So Pound is changing "https" with "http" in the redirect. However, if I
change the host in Redirect directive it works perfectly. I mean with

Redirect "https://portal2.dominio.pri";

the "Location" header in the replay says
"https://portal2.dominio.pri/privado/index.jsp";

Thanks for your help.

Regards,
Francisco


El 17/12/10 21:40, Alfonso Espitia escribió:

You added the header information, but in the application are you
checking for the new header?

-----Original Message-----
From: Francisco Ruiz [mailto:[email protected]]
Sent: Friday, December 17, 2010 3:21 PM
To: [email protected]
Subject: Re: [Pound Mailing List] Redirect HTTP to HTTPS

Hi,

I'm doing something similar, but it doesn't work as I expected. This
is my configuration:

--------------------------------------------------------
ListenHTTP

Address W.X.Y.Z
Port 80

RewriteLocation 2

Service "PORTAL_REDIRECTHTTPS"
HeadRequire "Host: portal\.dominio\.pri"
URL "/privado/.*"
Redirect "https://portal.dominio.pri";
End

Service "PORTAL"
HeadRequire "Host: portal\.dominio\.pri"

Backend
Address A.B.C.D
Port 80
End
End
End

ListenHTTPS

Address W.X.Y.Z
Port 443
Cert "/etc/pound/cert/portal/portal.pem"

ClientCert 3 9

CAlist "/etc/pound/cert/ca/CApublicas.pem"
VerifyList "/etc/pound/cert/ca/CApublicas.pem"

NoHTTPS11 2

# Add this header to inform the backend server that this comes from a
https request
AddHeader "X-Forwarded-HTTPS: on"
AddHeader "X-Forwarded-Proto: https"

Service "PORTAL_HTTPS"
HeadRequire "Host: portal\.dominio\.pri"
URL "/privado/.*"

# Avoid SSL forgeries when client certificates used
HeadDeny "X-SSL-Subject: .*"
HeadDeny "X-SSL-Issuer: .*"
HeadDeny "X-SSL-notBefore: .*"
HeadDeny "X-SSL-notAfter: .*"
HeadDeny "X-SSL-serial: .*"
HeadDeny "X-SSL-cipher: .*"
HeadDeny "X-SSL-certificate: .*"

Backend
Address O.P.Q.R
Port 80
End
End
End
--------------------------------------------------------

I'm trying to force SSL when the client go into the URL "/privado/",
but the location the browser recives when it is redirected is
"http://portal.domino.pri/privado/": Pound has switched https to http.
The browser is redirected several times and finally it says there must
be a loop in my site.

I would apreciate your help and experience.

Regards,
Francisco


El 09/12/2010 21:12, Iain Barnett escribió:

Thanks very much for the help and the link.

Regards,
Iain


On 7 Dec 2010, at 13:51, Alfonso Espitia wrote:


I think other people have done it by adding headers in the config,
something like this:

http://www.apsis.ch/pound/pound_list/archive/2005/2005-08/11244427630
00

and then in the application, you can check for the headers and
redirect appropriately (if front-end-https:on then...else...)

--Alfonso

-----Original Message-----
From: Iain Barnett [mailto:[email protected]]
Sent: Monday, December 06, 2010 11:25 PM
To: [email protected]
Subject: [Pound Mailing List] Redirect HTTP to HTTPS

Hi,

I'm trying to use RewriteLocation to redirect HTTP to HTTPS on the
same server, but I'm failing and can't find a single example of how
to use this directive successfully. The man page hasn't illuminated
me at all.

If anyone could share a link or an example to get me started I would
be very grateful.

Regards
Iain
--
To unsubscribe send an email with subject unsubscribe to
[email protected].
Please contact [email protected] for questions.

--
To unsubscribe send an email with subject unsubscribe to
[email protected].
Please contact [email protected] for questions.

--
To unsubscribe send an email with subject unsubscribe to [email protected].
Please contact [email protected] for questions.


--
To unsubscribe send an email with subject unsubscribe to [email protected].
Please contact [email protected] for questions.

--
To unsubscribe send an email with subject unsubscribe to [email protected].
Please contact [email protected] for questions.


--
To unsubscribe send an email with subject unsubscribe to [email protected].
Please contact [email protected] for questions.




--
Dave Steinberg
http://www.geekisp.com/
http://www.steinbergcomputing.com/
http://www.redterror.net/

--
To unsubscribe send an email with subject unsubscribe to [email protected].
Please contact [email protected] for questions.

Reply via email to