Hi All
Scott, Ivo, thanks for your help with my problem.
It took a little playing around but I got there in the end.
I ended up using the AddHeader method because I could get it to work in both
directions more easily.
I.e. Forcing access to login / register to be https while also forcing access
to all other pages to be http.
In case anyone else is interested, I did the following;
In apache .htaccess file
RewriteEngine On
RewriteBase /
# force https for /login and /register
RewriteCond %{HTTP:IS_SSL} !^SSL$
RewriteRule ^(login|register)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
# don't do anything for images/css/js (leave protocol as is)
RewriteRule \.(gif|jpe?g|png|css|js)$ - [NC,L]
# force http for all other URLs
RewriteCond %{HTTP:IS_SSL} ^SSL$
RewriteCond %{REQUEST_URI} !^/(login|register)$
RewriteRule .* http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
In pound
ListenHTTP
Address W.X.Y.Z
Port 80
RewriteLocation 2
# Flooting.com
Service
HeadRequire "(Host: site.com)"
BackEnd
Address A.B.C.D
Port 80
End
End
End
ListenHTTPS
Address W.X.Y.Z
Port 443
Cert "/etc/ssl/certs/site.pem"
AddHeader "IS_SSL: SSL"
RewriteLocation 2
Service
HeadRequire "(Host: site.com)"
BackEnd
Address A.B.C.D
Port 80
End
End
End
The essential part is the RewriteLocation 2, without that, I still get a mail
loop.
Cheers
Mark.
On Jan 15, 2013, at 11:31 AM, [email protected] wrote:
> hi mark
>
> i add this to the listenHTTPS
> AddHeader "IS_SSL: SSL"
>
> so http-requests on apache side that entered as https to pound got this
> header.
>
> then i do something like this on apache:
> RewriteEngine On
> RewriteCond %{HTTP:IS_SSL} !^SSL$
> RewriteRule ^(.*) https://site.com/$1 [L,R=301]
>
> good luck and cheers.ivo
>
> On 01/15/2013 11:18 AM, mark hardwick wrote:
>> Of course, I see what's happening now,
>> pound is seeing a request to https://site.com/login, decrypting the
>> connection, sending it to http://site.com/login which is then redirecting
>> the request back to https.
>> therefore a loop.
>>
>> ok, so what is the right way to tackle this problem?
>>
>> thanks
>> mark.
>>
>> On Jan 15, 2013, at 10:58 AM, mark hardwick wrote:
>>
>>> Hi All,
>>> I'm fairly new to both pound and apache configuration. I think the issue
>>> I'm having is with pound configuration, but please excuse me if it's
>>> actually apache.
>>>
>>> Ok, I want to configure my site so that if people head to
>>> http://site.com/login they are redirected to https://site.com/login but, if
>>> they try to browse to https://site.com/somewhere_else then they are
>>> redirected to http://site.com/somewhere_else.
>>>
>>> I have installed my security certificate which is working. I can browse
>>> http and https.
>>> I have configured pound to deal with the http and https as follows:
>>>
>>> ListenHTTP
>>> Address 91.187.69.155
>>> Port 80
>>>
>>> Service
>>> HeadRequire "(Host: flooting.com|Host: www.flooting.com)"
>>> BackEnd
>>> Address 192.168.0.2
>>> Port 80
>>> End
>>> BackEnd
>>> Address 192.168.0.3
>>> Port 80
>>> End
>>> End
>>> End
>>>
>>> ListenHTTPS
>>> Address 91.187.69.155
>>> Port 443
>>> Cert "/etc/ssl/flooting.com.pem"
>>>
>>> Service
>>> HeadRequire "(Host: flooting.com|Host: www.flooting.com)"
>>> BackEnd
>>> Address 192.168.0.2
>>> Port 80
>>> End
>>> BackEnd
>>> Address 192.168.0.3
>>> Port 80
>>> End
>>> End
>>> End
>>>
>>>
>>> I have configured apache ReWrite rules as follows:
>>>
>>> RewriteEngine On
>>> RewriteBase /
>>>
>>> # force https for /login and /register etc
>>> RewriteCond %{HTTPS} =off
>>> RewriteRule ^(login|register)$ https://%{HTTP_HOST}%{REQUEST_URI}
>>> [R=301,L]
>>>
>>> # don't do anything for images/css/js (leave protocol as is)
>>> RewriteRule \.(gif|jpe?g|png|css|js)$ - [NC,L]
>>>
>>> # force http for all other URLs
>>> RewriteCond %{HTTPS} =on
>>> RewriteCond %{REQUEST_URI} !^/(login|register|payment\/status|gopro)$
>>> RewriteRule .* http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
>>>
>>>
>>> However the configuration does not work.
>>> It leads to a redirect loop error, which *appears* to be in pound.
>>> I say that because if I browse to flooting.com/login, pound attempts to
>>> send the request to /login about 10 times and then gives up.
>>> At this point the browser responds with a "this webpage has a redirect
>>> loop" error. there are no errors in the apache logs.
>>>
>>> I've tried get this working with just one backend webserver configured in
>>> pound, however I still get a mail loop.
>>> So, what am I doing wrong? Is this even remotely the correct approach to
>>> this problem or is there a better way?
>>>
>>> Thanks for your help
>>> Mark.
>>>
>>>
>>> --
>>> To unsubscribe send an email with subject unsubscribe to [email protected].
>>> Please contact [email protected] for questions.
>>
>>
>> --
>> To unsubscribe send an email with subject unsubscribe to [email protected].
>> Please contact [email protected] for questions.
>>
>
>
>
> --
> To unsubscribe send an email with subject unsubscribe to [email protected].
> Please contact [email protected] for questions.
--
To unsubscribe send an email with subject unsubscribe to [email protected].
Please contact [email protected] for questions.
