Hello Hall, Hall Barricklow <[email protected]> (Mon Jul 25 21:18:37 2011): > Yes, I've seen the many, many multitudes of posts on this topic, but nothing … > It almost sounds like the issue described on the pound homepage with regard > to zope: > > " A special problem arises when you try using *Pound* as an SSL wrapper: > Zope assumes that the requests are made via HTTP and insists on prepending > 'http://' to the (correct) address in the replies, including in the tag and > the absolute URLs it generates (for images for example). This is clearly an > undesirable behavior. "
I'm not sure about my understanding here. But -- IFF I understand well, then everything sounds as it should. If your applications insists on being more clever then you (read: if your application thinks, it knows the complete URL, not only the path, the client used), you need to fix the application. But this seems to be no option for you. The next option I see, is using HTTPS for connecting from Pound to your Apache box. Recent Pounds are capable of doing this. Of course, you loose the benefit from offloading SSL operations to the pound, but still you can have private/unofficial certificates for the backend connection, saving licence costs for officially signed certs. The last and most fragile option would be a content filter, rewriting all URLs, your backend generates. But this is a hard job and error prone. Rewriting redirects is easy (and can be done by pound, I think), but rewriting content embedded URLs is almost always incomplete. -- Heiko :: dresden : linux : SCHLITTERMANN.de GPG Key 48D0359B : 3061 CFBF 2D88 F034 E8D2 7E92 EE4E AC98 48D0 359B
signature.asc
Description: Digital signature
