We successfully run JBoss behind a Pound proxy. We only use Port 8080,
and Pound does SSL termination, so www.example.com:443 gets directed to
local_jboss_server:8080, and the web application runs just fine.
However, we don't use the admin console, so I cannot comment on that.
Cheers,
Andreas.
Hi,
I'd like to set up a service with a URL pattern matching only if the
path does *not* start with one of a list of words.
The following doesn't work:
Service
HeadRequire "Host: .*www.mydomain.com.*"
URL ! "^/project1|^/project2/|^/portal"
RedirectAppend "https://www.mydom
Yes, David,
it is possible to have several ListenHTTPS blocks with their own Cert
configs.
Cheers, Andreas.
Am 30.08.2013 09:11, schrieb D. R.:
> Hi all,
>
> is it possible to let pound run on multiple interfaces with different
> ssl certs?
>
> On http://www.apsis.ch/pound/index_html in the s
07.2013 11:20, Bussi Andrea wrote:
> On 07/17/2013 10:23 AM, Andreas Hilboll wrote:
>> Hi,
>>
>> I want to configure an error page in my pound cfg. For that, I put the
>> line
>>
>> Err503 "/etc/pound/e503.html"
>>
>
> Is it insi
On 17.07.2013 11:20, Bussi Andrea wrote:
> On 07/17/2013 10:23 AM, Andreas Hilboll wrote:
>> Hi,
>>
>> I want to configure an error page in my pound cfg. For that, I put the
>> line
>>
>> Err503 "/etc/pound/e503.html"
>>
>
> Is i
Hi,
I want to configure an error page in my pound cfg. For that, I put the line
Err503 "/etc/pound/e503.html"
into my config, and the file /etc/pound/e503.html does exist. However,
pound complains about an "unknown directive".
I'm using a git checkout from end of April, from
https://github.c
Hi,
Joe stated the links to updated 2.6 and 2.7 branches in this thread:
http://www.apsis.ch/pound/pound_list/archive/2013/2013-04/136765000/index_html
Cheers, Andreas.
On 18.06.2013 14:55, Scott McKeown wrote:
> Hi Peter,
>
> Welcome to Pound.
>
> I'm sure that Joe will jump in at som
Hi Pat,
if I'm not mistaken, the IP address you're looking for is being put into
the X-Forwarded-For header by pound. So you just need to adapt your
nginx logging directive. See, e.g., here:
https://syslog.tv/2011/08/10/nginx-log-real-ip-from-pound/
Hope that helps,
Andreas.
On 21.05.2013 10
> My suggestion to anyone who needs PCI-DSS compliance is to run my branch here:
> https://github.com/goochjj/pound/tree/stage_for_upstream/v2.7b
>
> Zip here:
> https://github.com/goochjj/pound/archive/stage_for_upstream/v2.7b.zip
>
> This is based on 2.7b, and includes a bunch of patches that
Hi Lubomir,
thanks!
> For 2011-3389, I need to disable ciphers deemed unsecure. The solution
> for Apache would be this:
>
>SSLHonorCipherOrder On
>SSLCipherSuite RC4-SHA:HIGH:!ADH
>
>
> Pound 2.7a contains a fix, at GoodData we use the following configuration:
>
>
Hi,
a recent PCI-DSS scan revealed the following vulnerabilities on our
system:
CVE-2011-3389: SSLv3.0/TLSv1.0 Protocol Weak CBC Mode Vulnerability
CVE-2012-4929: SSL/TLS Compression Algorithm Information Leakage
Vulnerability
For 2011-3389, I need to disable ciphers deemed unsecu
Hi,
on my pound 2.6-2, I would like to define multiple URL patterns in a
service. The manpage says it's possible:
You may define multiple URL conditions per service.
However, in a service like this, none of the three patterns seems to
kick in:
Service
URL "^/services/ddEmissionService"
>> we like to have a pound server on standby in case the live server fails.
>> problem is, that we can't keep the pound.cfg centralized as the
>> HTTP/HTTPS Listen -> Address line is server specific.
>>
>> is there a way to fill this variable with the `hostname` for instance?
>>
>> regards,
>>
>> P
Thanks for the clarification, Sander!
> Yes just load all certificates:
> Cert "cert1.pem"
> Cert "cert1.pem"
> Cert "certX.pem"
>
> Pound uses the domain in the CN field of the certificate to match the
correct certificate to the request with SNI.
Which certificate w
Hi Scott,
> ... I'm guessing that you have a WildCard SSL Certificate or a UCC
Certificate that will allow you to correctly encrypt the required
traffic to your backend servers as you can only enable one SSL
Certificate per real IP Address.
Isn't that the whole point of SNI?
https://en.wikip
Is it possible that your Perl application tries to enforce HTTPS? If so,
HTTPS would go from user to Pound, HTTP from Pound to Perl, and Perl would
then redirect to HTTPS, ending in an infinite loop.
Cheers, A.
> It is pretty much what I emailed earlier. /etc/pound/dev.pem is a
> self-sign certi
16 matches
Mail list logo