Joe,

Good catch on the Host.

Yes, the SSL listener creates a redirect loop. But that is part of what I
don't understand. According to what I have read, shouldn't the first
service block service the request if the HeadRequire is met? If not, the
request would fall through to the next service, which would create the
redirect.

What I need to do is this:

1) If a request comes in with the proper name in host, service the
request through the associated backends.
2) If a request comes in without the proper name in host, redirect the user
to the login page.

How does service matching occur? Does it occur top down?

Rob

On Mon, Aug 6, 2012 at 11:39 AM, Joe Gooch <[email protected]> wrote:

> Wouldn’t your 443 listener cause a redirect loop?
>
> Also your 443 listener doesn’t have Host: in it…
>
> Joe
>
> *From:* Rob Hicks [mailto:[email protected]]
> *Sent:* Monday, August 06, 2012 1:29 PM
> *To:* [email protected]
> *Subject:* Re: [Pound Mailing List] Config to Catch All Requests
>
> Dave,
>
> Yes, I didn't put the full RegEx in the HeadRequires in the post.
>
> The last redirect never happens. Pound returns a 503 error.
>
> Rob
>
> On Mon, Aug 6, 2012 at 11:18 AM, Dave Steinberg <[email protected]>
> wrote:
>
> On 8/6/2012 12:58 PM, Rob Hicks wrote:
>
> Hi.
>
> I have a pound config that includes the following listeners. I have
> added two new services at the end of each of the listeners. The idea is
> to redirect the user to a proper url. This is necessary for a PCI
> security scan, which is now complaining that 500 errors are PCI failures.
>
> Shouldn't this work? If not, what is the right way to approach this
> problem?
>
> Rob
>
> ListenHTTP
>      Address 0.0.0.0
>      Port 80
>      Service
>          HeadRequire "(Host: www.example.com)"
>          BackEnd
>              Address 127.0.0.1
>              Port    8970
>          End
>      End
>      Service
>          HeadRequire "(Host: secure.example.com)"
>          Redirect "https://secure.example.com";
>      End
>      Service
>          Redirect "https://secure.example.com";
>      End
> End
>
> ListenHTTPS
>      Address 0.0.0.0
>      Port    443
>      Cert    "/etc/pound/secure.example.com.pem"
>      Ciphers "-ALL +SSLv3 +TLSv1 HIGH:!SSLv2:!ADH:!aNULL:!eNULL:!NULL"
>      xHTTP 2
>      Service
>          HeadRequire "secure.contractpal.com"
>          BackEnd
>              Address 127.0.0.1
>              Port    8970
>          End
>      End
>      Service
>          Redirect "https://secure.example.com";
>      End
> End
>
>
> This seems like it ought to work.  Where is it failing?
>
> PS: Your Host header regexps could be improved.  Try:
>
> HeadRequire "^Host:[ \t]*secure\.example\.com$"
>
> --
> Dave Steinberg
> http://www.geekisp.com/
> http://www.steinbergcomputing.com/
> http://www.redterror.net/
>
>
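
Added example, not part of the thread and not Pound's own code: a simplified Python model of top-down, first-match service selection as Pound's documentation describes it, comparing the port 80 HeadRequire patterns as posted with the anchored form suggested in the quoted reply. The function names, the sample Host values, and the regex flags used to approximate Pound's case-insensitive, per-header matching are assumptions.

```python
import re

# Assumption: these flags approximate Pound's case-insensitive POSIX matching.
FLAGS = re.IGNORECASE | re.MULTILINE

def select_service(services, headers):
    """Walk services in config order; the first one whose HeadRequire pattern
    matches at least one header line (or that has no pattern) wins."""
    for name, pattern, action in services:
        if pattern is None or any(re.search(pattern, h, FLAGS) for h in headers):
            return name, action
    return None  # no service matched the request

BACKEND = "backend 127.0.0.1:8970"
REDIRECT = "redirect https://secure.example.com"

# Port 80 listener with the patterns as posted (unanchored, '.' unescaped).
POSTED_80 = [
    ("www", r"(Host: www.example.com)", BACKEND),
    ("secure", r"(Host: secure.example.com)", REDIRECT),
    ("catch-all", None, REDIRECT),
]
# Same listener using the anchored style from the quoted reply.
ANCHORED_80 = [
    ("www", r"^Host:[ \t]*www\.example\.com$", BACKEND),
    ("secure", r"^Host:[ \t]*secure\.example\.com$", REDIRECT),
    ("catch-all", None, REDIRECT),
]

# Constructed sample requests (header lines only).
CASES = {
    "normal": ["Host: www.example.com"],
    "by_ip": ["Host: 192.0.2.10"],
    "no_space": ["Host:www.example.com"],
    "lookalike": ["Host: www.example.com.attacker.test"],
    "other_header": ["Host: 192.0.2.10", "X-Forwarded-Host: www.example.com"],
}

def report():
    """Map each case to (service chosen as posted, service chosen when anchored)."""
    return {case: (select_service(POSTED_80, hdrs)[0],
                   select_service(ANCHORED_80, hdrs)[0])
            for case, hdrs in CASES.items()}

if __name__ == "__main__":
    for case, (posted, anchored) in report().items():
        print(f"{case:13} posted={posted:10} anchored={anchored}")
```

In this model the unanchored pattern sends the lookalike host and the request carrying the name only in another header to the backend, and drops a valid `Host:` line without a space through to the redirect; the anchored pattern handles all three as intended.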
