Hi Francoise,
Can you show me your current pound.cfg file please (replace anything with
X's)

~Scott


On 20 September 2012 15:49, Francoise Dehinbo <
[email protected]> wrote:

> I tried your suggestion below so pound runs on 443 and 80.  All http goes
> from pound to the new perlbal port 8080.  And all https goes through pound
> as usual.  I still have the same problem.  Cannot redirect from http to
> https and vise versa (now that pound is running both ports).
>
> From: Scott McKeown <[email protected]<mailto:[email protected]
> >>
> Reply-To: "[email protected]<mailto:[email protected]>" <[email protected]<mailto:
> [email protected]>>
> Date: Thursday, 20 September 2012 13:40
> To: "[email protected]<mailto:[email protected]>" <[email protected]<mailto:
> [email protected]>>
> Subject: Re: [Pound Mailing List] BEAST attack patch for Pound 2.6 cannot
> get certificate
>
> So your Pound Setup and the Web Site are running on the same server, sorry
> I have mine setup in a Proxy mode which is a slightly different setup.
> I don't know perlbal but at a guess you should be able to change the port
> that its listening on in its config file to something like 8080 and then
> with the pound redirect as above inplace but to port 8080 for the BackEnd
>
>
> ~Scott
>
>
> On 20 September 2012 12:51, Francoise Dehinbo <
> [email protected]<mailto:[email protected]>>
> wrote:
> Just for testing, I stopped perlbal, added the ListenHTTP suggestion to
> pound, so now pound runs on ports 443 and 80.  The problem is worse.  I
> cannot go from http to https or from https to http.  So it's definitely
> something with pound!  Previously I reinstalled pound with just plain 2.6
> without any patches and it's the same problem!
>
> From: Scott McKeown <[email protected]<mailto:[email protected]
> ><mailto:[email protected]<mailto:[email protected]>>>
> Reply-To: "[email protected]<mailto:[email protected]><mailto:[email protected]
> <mailto:[email protected]>>" <[email protected]<mailto:[email protected]><mailto:
> [email protected]<mailto:[email protected]>>>
> Date: Thursday, 20 September 2012 12:30
> To: "[email protected]<mailto:[email protected]><mailto:[email protected]<mailto:
> [email protected]>>" <[email protected]<mailto:[email protected]><mailto:
> [email protected]<mailto:[email protected]>>>
> Subject: Re: [Pound Mailing List] BEAST attack patch for Pound 2.6 cannot
> get certificate
>
> Hi Francoise,
>
> OK think I've got it now. Try something like this:
>
>
> User    "nobody"
> Group   "nobody"
> LogLevel 1
>
> ListenHTTPS
>     Address xxx.xxx.xxx.xxx
>     Port    443
>     Cert    "/etc/pound/dev.pem"
>     Ciphers
> "ALL:!aNULL:!ADH:!eNULL:!EXPORT56:RC4+RSA:HIGH:MEDIUM:!LOW:!SSLv2:!EXP:!eNUL:!EXP-DES-CBC-SHA:!EXP-RC2-CBC-MD5:!EXP-RC4-MD5:!EXP-DES-CBC-SHA:!EXP-RC2-CBC-MD5:!EXP-RC4-MD5"
>     AddHeader "X-Secure-Connection: true"
>     Service
>         BackEnd
>             # Send everything PSGI apps
>             Address 127.0.0.1
>             Port    5555
>         End
>     End
> End
> ListenHTTP
>     Address xxx.xxx.xxx.xxx
>     Port    80
>     Service
>         BackEnd
>             Address 127.0.0.1
>             Port    5555
>         End
>     End
> End
>
> This should stop the looping and catch anything that is HTTP and display
> as normal. If you want for FORCE HTTP traffic to HTTPS the Redirect option
> should work
>
> ~Scott
>
> Privacy and Confidentiality Notice:
>
> This is strictly confidential and intended solely for the person or
> organisation to whom it is addressed. It may contain privileged and
> confidential information and if you are not an intended recipient, you must
> not copy, distribute or take any action in reliance on it. If you have
> received this message in error, please notify us as soon as possible and
> delete it and any attached files from your system.
> The views and opinions expressed in this email message are the author's
> own and may not reflect the views and opinions of the author's employer.
>
> Foxtons Limited is registered in England and Wales (registered number
> 01680058).  Our registered office is at Building One, Chiswick Park, 566
> Chiswick High Road, London, W4 5BE.
>
> _____________________________________________________________________
> This e-mail has been scanned for viruses by MessageLabs.
>
> --
> To unsubscribe send an email with subject unsubscribe to [email protected].
> Please contact [email protected] for questions.
>



-- 
With Kind Regards.

Scott McKeown
Loadbalancer.org
http://www.loadbalancer.org

Reply via email to