I tried your suggestion below so pound runs on 443 and 80. All http goes from pound to the new perlbal port 8080. And all https goes through pound as usual. I still have the same problem. Cannot redirect from http to https and vise versa (now that pound is running both ports).
From: Scott McKeown <[email protected]<mailto:[email protected]>> Reply-To: "[email protected]<mailto:[email protected]>" <[email protected]<mailto:[email protected]>> Date: Thursday, 20 September 2012 13:40 To: "[email protected]<mailto:[email protected]>" <[email protected]<mailto:[email protected]>> Subject: Re: [Pound Mailing List] BEAST attack patch for Pound 2.6 cannot get certificate So your Pound Setup and the Web Site are running on the same server, sorry I have mine setup in a Proxy mode which is a slightly different setup. I don't know perlbal but at a guess you should be able to change the port that its listening on in its config file to something like 8080 and then with the pound redirect as above inplace but to port 8080 for the BackEnd ~Scott On 20 September 2012 12:51, Francoise Dehinbo <[email protected]<mailto:[email protected]>> wrote: Just for testing, I stopped perlbal, added the ListenHTTP suggestion to pound, so now pound runs on ports 443 and 80. The problem is worse. I cannot go from http to https or from https to http. So it's definitely something with pound! Previously I reinstalled pound with just plain 2.6 without any patches and it's the same problem! From: Scott McKeown <[email protected]<mailto:[email protected]><mailto:[email protected]<mailto:[email protected]>>> Reply-To: "[email protected]<mailto:[email protected]><mailto:[email protected]<mailto:[email protected]>>" <[email protected]<mailto:[email protected]><mailto:[email protected]<mailto:[email protected]>>> Date: Thursday, 20 September 2012 12:30 To: "[email protected]<mailto:[email protected]><mailto:[email protected]<mailto:[email protected]>>" <[email protected]<mailto:[email protected]><mailto:[email protected]<mailto:[email protected]>>> Subject: Re: [Pound Mailing List] BEAST attack patch for Pound 2.6 cannot get certificate Hi Francoise, OK think I've got it now. Try something like this: User "nobody" Group "nobody" LogLevel 1 ListenHTTPS Address xxx.xxx.xxx.xxx Port 443 Cert "/etc/pound/dev.pem" Ciphers "ALL:!aNULL:!ADH:!eNULL:!EXPORT56:RC4+RSA:HIGH:MEDIUM:!LOW:!SSLv2:!EXP:!eNUL:!EXP-DES-CBC-SHA:!EXP-RC2-CBC-MD5:!EXP-RC4-MD5:!EXP-DES-CBC-SHA:!EXP-RC2-CBC-MD5:!EXP-RC4-MD5" AddHeader "X-Secure-Connection: true" Service BackEnd # Send everything PSGI apps Address 127.0.0.1 Port 5555 End End End ListenHTTP Address xxx.xxx.xxx.xxx Port 80 Service BackEnd Address 127.0.0.1 Port 5555 End End End This should stop the looping and catch anything that is HTTP and display as normal. If you want for FORCE HTTP traffic to HTTPS the Redirect option should work ~Scott Privacy and Confidentiality Notice: This is strictly confidential and intended solely for the person or organisation to whom it is addressed. It may contain privileged and confidential information and if you are not an intended recipient, you must not copy, distribute or take any action in reliance on it. If you have received this message in error, please notify us as soon as possible and delete it and any attached files from your system. The views and opinions expressed in this email message are the author's own and may not reflect the views and opinions of the author's employer. Foxtons Limited is registered in England and Wales (registered number 01680058). Our registered office is at Building One, Chiswick Park, 566 Chiswick High Road, London, W4 5BE. _____________________________________________________________________ This e-mail has been scanned for viruses by MessageLabs. -- To unsubscribe send an email with subject unsubscribe to [email protected]. Please contact [email protected] for questions.
