Since all connections to apache *are* http, it will always think it needs to be
redirected if using the tools available to apache. (i.e. SSL to pound means
HTTPS=off on the apache side)
2 solutions I can think of.
1) Remove the rewrite from apache, and set up Pound using Redirect
directives to do your https forcing. (i.e. on your port 80 listener, do NOT
put a backend connection to 8000, instead use a redirect directive to redirect
to https. In your 443 listener, you do a backend to 443) Drawback here is
pound does not do rewriting in the redirect directive (unless you’re using my
RedirectAppend or RedirectDynamic patches), so the best you could do is
redirect to a static URL.
2) Fix the rewrite rule to be Pound aware. In your Pound 443 listener,
add the directive AddHeader “Front-End-Https: on” to your config. In
mod_rewrite, instead of checking against the HTTPS variable, or the server
port, check against %{HTTP:Front-End-Https} to determine if pound has told you
the front end connection is SSL.
Joe
From: Pritpal Sabharwal [mailto:[email protected]]
Sent: Tuesday, May 10, 2011 5:56 PM
To: [email protected]
Subject: [Pound Mailing List] Pound & Apache2 mod_rewrite redirects
Hi,
I have just setup pound with a apache2 server as the backend. Currently it is a
very simple setup for testing purposes with everything running on the one
server. Pound listening on the public IP, ports 80 and 443. Apache2 listens on
localhost, port 8000.
HTTP traffic is served correctly as is HTTPS traffic. The problem occurs when
using RewriteRules in a htaccess file for a domain which simply redirects all
http traffic to https. The redirection works fine when just apache is being
used, bringing in pound causes some sort of loop, where multiple requests are
made for the same URL, eventually a timeout occurs with no content being served.
I don't have access to server logs and such like at this moment, but from what
I saw of them:
- pound logs show GET requests for the content requested.
- apache2 rewrite logs show a 301 redirect being forced to https.
Any pointers as to what could be going wrong? Have I missed some configuration
option in pound?
Any help will be appreciated.
--
Pritpal
[email protected]
