Ok, we could solve this problem by changing RewiteLocation 2
to RewiteLocation 0 in the ListenHTTPS and ListenHTTP sections. we are not sure yet what has changed from 2.6 to 2.7 as it worked with RewiteLocation 2 in version 2.6. generally, how should the ListenHTTPS and ListenHTTP sections look like for a setup, where we redirect HTTP requests to HTTPS requests at the cluster server level (not by pound itself). On Fri, May 31, 2013 at 1:21 PM, Pat Erler <[email protected]> wrote: > hi, > > for PCI compliance we installed these patched versions: > > http://www.apsis.ch/pound/pound_list/archive/2013/2013-04/1367222265000 > > when we change the DNS entry to the new server, we got strange SSL > redirect loops in our system. > > this could be an issue on our side, but we wonder, why it didn't happen > with 2.6 pure, but it does happen with 2.6/7b patched. > > our setup is basically, that we have two pairs of servers (2x IIS, 2x > rails) and a regex in the pound config, what should go where. on the IIS > and on the rails server are areas, which are only accessible by https - > when a request to this area comes in as http://URL a redirect to > https://URL is made. these redirect seem to bounce around until a loop is > complete.. > > is there a change in the pound versions above which could trigger this? > the change we are aware of is, that SSL compression is disabled (this is > one of the newer vulnerabilities PCI is complaining about). > > any help is appreciated.. > > PAT > > -- > *Pat Erler* > Gtalk/G+: [email protected] > <[email protected]>Skype: pat_erler > -- *Pat Erler* Gtalk/G+: [email protected] <[email protected]>Skype: pat_erler
