RE: [Pound Mailing List] Config to Catch All Requests

Mon, 06 Aug 2012 10:45:17 -0700 

Wouldn’t your 443 listener cause a redirect loop?
Also your 443 listener doesn’t have Host: in it…
Joe

From: Rob Hicks [mailto:[email protected]]
Sent: Monday, August 06, 2012 1:29 PM
To: [email protected]
Subject: Re: [Pound Mailing List] Config to Catch All Requests

Dave,

Yes, I didn't put the full RegEx in the HeadRequires in the post.

The last redirect never happens. Pound returns a 503 error.

Rob
On Mon, Aug 6, 2012 at 11:18 AM, Dave Steinberg 
<[email protected]<mailto:[email protected]>> wrote:
On 8/6/2012 12:58 PM, Rob Hicks wrote:
Hi.

I have a pound config that includes the following listeners. I have
added two new services at the end of each of the listeners. The idea is
to redirect the user to a proper url. This is necessary for a PCI
security scan, which is now complaining that 500 errors are PCI failures.

Shouldn't this work? If not, what is the right way to approach this problem?

Rob

ListenHTTP
     Address 0.0.0.0
     Port 80
     Service
         HeadRequire "(Host: www.example.com<http://www.example.com> 
<http://www.example.com>)"

         BackEnd
             Address 127.0.0.1
             Port    8970
         End
     End
     Service
         HeadRequire "(Host: secure.example.com<http://secure.example.com>
<http://secure.example.com>)"

         Redirect "https://secure.example.com";

     End
     Service
         Redirect "https://secure.example.com";
     End
End

ListenHTTPS
     Address 0.0.0.0
     Port    443
Cert    "/etc/pound/secure.example.com.pem"
     Ciphers "-ALL +SSLv3 +TLSv1 HIGH:!SSLv2:!ADH:!aNULL:!eNULL:!NULL"
     xHTTP 2
     Service
         HeadRequire "secure.contractpal.com<http://secure.contractpal.com>
<http://secure.contractpal.com>"

         BackEnd
             Address 127.0.0.1
             Port    8970
         End
     End
Service
         Redirect "https://secure.example.com";
     End
End

This seems like it ought to work.  Where is it failing?

PS: Your Host header regexps could be improved.  Try:

HeadRequire "^Host:[ \t]*secure\.example\.com$"

--
Dave Steinberg
http://www.geekisp.com/
http://www.steinbergcomputing.com/
http://www.redterror.net/

--
To unsubscribe send an email with subject unsubscribe to 
[email protected]<mailto:[email protected]>.
Please contact [email protected]<mailto:[email protected]> for questions.

Reply via email to