Dave, Yes, I didn't put the full RegEx in the HeadRequires in the post.
The last redirect never happens. Pound returns a 503 error. Rob On Mon, Aug 6, 2012 at 11:18 AM, Dave Steinberg <[email protected]> wrote: > On 8/6/2012 12:58 PM, Rob Hicks wrote: > >> Hi. >> >> I have a pound config that includes the following listeners. I have >> added two new services at the end of each of the listeners. The idea is >> to redirect the user to a proper url. This is necessary for a PCI >> security scan, which is now complaining that 500 errors are PCI failures. >> >> Shouldn't this work? If not, what is the right way to approach this >> problem? >> >> Rob >> >> ListenHTTP >> Address 0.0.0.0 >> Port 80 >> Service >> HeadRequire "(Host: www.example.com <http://www.example.com>)" >> >> BackEnd >> Address 127.0.0.1 >> Port 8970 >> End >> End >> Service >> HeadRequire "(Host: secure.example.com >> <http://secure.example.com>)" >> >> Redirect "https://secure.example.com"; >> >> End >> Service >> Redirect "https://secure.example.com"; >> End >> End >> >> ListenHTTPS >> Address 0.0.0.0 >> Port 443 >> Cert "/etc/pound/secure.example.**com.pem" >> Ciphers "-ALL +SSLv3 +TLSv1 HIGH:!SSLv2:!ADH:!aNULL:!**eNULL:!NULL" >> xHTTP 2 >> Service >> HeadRequire "secure.contractpal.com >> <http://secure.contractpal.com**>" >> >> BackEnd >> Address 127.0.0.1 >> Port 8970 >> End >> End >> Service >> Redirect "https://secure.example.com"; >> End >> End >> > > This seems like it ought to work. Where is it failing? > > PS: Your Host header regexps could be improved. Try: > > HeadRequire "^Host:[ \t]*secure\.example\.com$" > > -- > Dave Steinberg > http://www.geekisp.com/ > http://www.steinbergcomputing.**com/ <http://www.steinbergcomputing.com/> > http://www.redterror.net/ > > -- > To unsubscribe send an email with subject unsubscribe to [email protected]. > Please contact [email protected] for questions. >
