Re: [Pound Mailing List] Redirect HTTP to HTTPS

Wed, 29 Dec 2010 04:52:32 -0800 

Hi,
I've found the answer to my problem. There is nothing wrong with pound and its reply goes with the correct location header, but I've found an ISA server is in front of pound and it makes the change. 

Sorry for the inconveniences.

Regards,
Francisco Ruiz


El 18/12/2010 8:10, Francisco Ruiz escribió:

Hi,

Not exactly, but we use relative URL in the site.


Any way, my problem is when somebody click on 
http://portal.dominio.pri/privado/index.jsp, he should be redirected 
to https://portal.dominio.pri/privado/index.jsp but the "Location" 
header in the pound reply says 
"http://portal.dominio.pri/privado/index.jsp";. Of course, Pound 
redirect the browser again and again till firefox says there is a loop 
in my site.



So Pound is changing "https" with "http" in the redirect. However, if 
I change the host in Redirect directive it works perfectly. I mean with


     Redirect "https://portal2.dominio.pri";


the "Location" header in the replay says 
"https://portal2.dominio.pri/privado/index.jsp";


Thanks for your help.

Regards,
Francisco


El 17/12/10 21:40, Alfonso Espitia escribió:

You added the header information, but in the application are you 
checking for the new header?


-----Original Message-----
From: Francisco Ruiz [mailto:[email protected]]
Sent: Friday, December 17, 2010 3:21 PM
To: [email protected]
Subject: Re: [Pound Mailing List] Redirect HTTP to HTTPS

Hi,


I'm doing something similar, but it doesn't work as I expected.  This 
is my configuration:


--------------------------------------------------------
ListenHTTP

    Address W.X.Y.Z
    Port 80

    RewriteLocation 2

    Service "PORTAL_REDIRECTHTTPS"
      HeadRequire "Host: portal\.dominio\.pri"
      URL "/privado/.*"
      Redirect "https://portal.dominio.pri";
    End

    Service "PORTAL"
      HeadRequire "Host: portal\.dominio\.pri"

      Backend
        Address A.B.C.D
        Port 80
      End
    End
End

ListenHTTPS

    Address W.X.Y.Z
    Port 443
    Cert "/etc/pound/cert/portal/portal.pem"

    ClientCert 3 9

    CAlist "/etc/pound/cert/ca/CApublicas.pem"
    VerifyList "/etc/pound/cert/ca/CApublicas.pem"

    NoHTTPS11 2


    # Add this header to inform the backend server that this comes 
from a https request

    AddHeader "X-Forwarded-HTTPS: on"
    AddHeader "X-Forwarded-Proto: https"

    Service "PORTAL_HTTPS"
      HeadRequire "Host: portal\.dominio\.pri"
      URL "/privado/.*"

      # Avoid SSL forgeries when client certificates used
      HeadDeny "X-SSL-Subject: .*"
      HeadDeny "X-SSL-Issuer: .*"
      HeadDeny "X-SSL-notBefore: .*"
      HeadDeny "X-SSL-notAfter: .*"
      HeadDeny "X-SSL-serial: .*"
      HeadDeny "X-SSL-cipher: .*"
      HeadDeny "X-SSL-certificate: .*"

      Backend
        Address O.P.Q.R
        Port 80
      End
    End
End
--------------------------------------------------------


I'm trying to force SSL when the client go into the URL "/privado/", 
but the location the browser recives when it is redirected is

"http://portal.domino.pri/privado/": Pound has switched https to http.

The browser is redirected several times and finally it says there 
must be a loop in my site.


I would apreciate your help and experience.

Regards,
Francisco


El 09/12/2010 21:12, Iain Barnett escribió:

Thanks very much for the help and the link.

Regards,
Iain


On 7 Dec 2010, at 13:51, Alfonso Espitia wrote:


I think other people have done it by adding headers in the config,
something like this:

http://www.apsis.ch/pound/pound_list/archive/2005/2005-08/11244427630
00

and then in the application, you can check for the headers and
redirect appropriately (if front-end-https:on then...else...)

--Alfonso

-----Original Message-----
From: Iain Barnett [mailto:[email protected]]
Sent: Monday, December 06, 2010 11:25 PM
To: [email protected]
Subject: [Pound Mailing List] Redirect HTTP to HTTPS

Hi,

I'm trying to use RewriteLocation to redirect HTTP to HTTPS on the
same server, but I'm failing and can't find a single example of how

to use this directive successfully. The man page hasn't illuminated 
me at all.


If anyone could share a link or an example to get me started I would
be very grateful.

Regards
Iain
--

To unsubscribe send an email with subject unsubscribe to 
[email protected].

Please contact [email protected] for questions.

--

To unsubscribe send an email with subject unsubscribe to 
[email protected].

Please contact [email protected] for questions.

--

To unsubscribe send an email with subject unsubscribe to 
[email protected].

Please contact [email protected] for questions.


--
To unsubscribe send an email with subject unsubscribe to [email protected].
Please contact [email protected] for questions.

--
To unsubscribe send an email with subject unsubscribe to [email protected].
Please contact [email protected] for questions.


--
To unsubscribe send an email with subject unsubscribe to [email protected].
Please contact [email protected] for questions.



--
To unsubscribe send an email with subject unsubscribe to [email protected].
Please contact [email protected] for questions.























					Reply via email to