On 8/6/2012 12:58 PM, Rob Hicks wrote:
Hi.

I have a pound config that includes the following listeners. I have
added two new services at the end of each of the listeners. The idea is
to redirect the user to a proper url. This is necessary for a PCI
security scan, which is now complaining that 500 errors are PCI failures.

Shouldn't this work? If not, what is the right way to approach this problem?

Rob

ListenHTTP
     Address 0.0.0.0
     Port 80
     Service
         HeadRequire "(Host: www.example.com)"
         BackEnd
             Address 127.0.0.1
             Port    8970
         End
     End
     Service
         HeadRequire "(Host: secure.example.com)"
         Redirect "https://secure.example.com"
     End
     Service
         Redirect "https://secure.example.com"
     End
End

ListenHTTPS
     Address 0.0.0.0
     Port    443
     Cert    "/etc/pound/secure.example.com.pem"
     Ciphers "-ALL +SSLv3 +TLSv1 HIGH:!SSLv2:!ADH:!aNULL:!eNULL:!NULL"
     xHTTP 2
     Service
         HeadRequire "secure.contractpal.com"
         BackEnd
             Address 127.0.0.1
             Port    8970
         End
     End
     Service
         Redirect "https://secure.example.com"
     End
End

This seems like it ought to work.  Where is it failing?

PS: Your Host header regexps could be improved.  Try:

HeadRequire "^Host:[ \t]*secure\.example\.com$"

--
Dave Steinberg
http://www.geekisp.com/
http://www.steinbergcomputing.com/
http://www.redterror.net/
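
Added example, not part of the original thread: a small C program comparing the pattern style from the posted config with the anchored pattern suggested in the reply, run over constructed header lines. It assumes Pound evaluates HeadRequire against each header line as a POSIX extended, case-insensitive regex; the helper name head_matches and the sample headers are made up for illustration.

```c
/* Added example (not from the thread). Assumption: Pound matches HeadRequire
 * against each header line with POSIX extended, case-insensitive regexes. */
#include <regex.h>
#include <stdio.h>

/* Pattern style from the posted config, and the anchored form from the reply.
 * In this C literal "\t" is a real tab character. */
#define LOOSE  "(Host: secure.example.com)"
#define STRICT "^Host:[ \t]*secure\\.example\\.com$"

/* 1 = header line matches, 0 = no match, -1 = pattern did not compile. */
static int head_matches(const char *pattern, const char *header)
{
    regex_t re;
    int rc;

    if (regcomp(&re, pattern, REG_EXTENDED | REG_ICASE | REG_NEWLINE | REG_NOSUB) != 0)
        return -1;
    rc = regexec(&re, header, 0, NULL, 0);
    regfree(&re);
    return rc == 0 ? 1 : 0;
}

int main(void)
{
    /* Constructed header lines, CRLF already stripped. */
    static const char *headers[] = {
        "Host: secure.example.com",
        "host:secure.example.com",
        "Host: secure.example.com.other.test",
        "Host: secureXexample.com",
        "X-Forwarded-Host: secure.example.com",
        "Host: secure.example.com:443",
    };
    size_t i;

    printf("%-6s %-6s %s\n", "loose", "strict", "header");
    for (i = 0; i < sizeof headers / sizeof headers[0]; i++)
        printf("%-6d %-6d %s\n", head_matches(LOOSE, headers[i]),
               head_matches(STRICT, headers[i]), headers[i]);
    return 0;
}
```

The unanchored pattern accepts a longer hostname, a hostname where the dot is replaced by another character, and a different header that merely ends in "Host:". The anchored pattern rejects all three, and it also rejects a Host header carrying an explicit port, so in the posted config such a request would fall through to the catch-all Redirect service.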
