Pound as SSL-Wrapper for IIS - a step further
Pound as SSL-Wrapper for IIS - a step further
"Dr. Oliver C. Radke" <oradke(at)pcat.de>
2005-08-19 11:12:43
Hi!
I'm running Pound as a reverse-proxy for our sharepoint services and OWA
quite successfully. However, I couldn't manage to enable HTTPS-Access to
pound being redirected to HTTP on our back-end server.
I did reach a milestone today when I set
NoHTTPS11 0
in my pound.cfg. Now IE 6.x connects via https without problems. OWA
works fine. But: Using the sharepoint services, not all hyperlinks are
rewritten from http to https.
Example:
- I connect to https://W.X.Y.Z/Intranet
- The hyperlinks in the navigation plane point to
https://W.X.Y.Z/Intranet/ExampleList/Forms/AllItems.aspx
- The hyperlinks in the content STILL point to
http://W.X.Y.Z/Intranet/Lists/Example/DispForm.aspx?ID=96, without
https.
I could not figure out why pound doesn't rewrite these URLs correctly; I
did use the 2 variants of HTTPSHeaders shown below. Any suggestions
would be appreciated.
My pound.cfg:
---BEGIN---
User wwwrun
Group www
#RootJail /chroot/pound
#HTTPSHeaders 0 "Front-End-Https: on proxy:on"
HTTPSHeaders 0 "Front-End-Https: on"
ExtendedHTTP 1
WebDAV 1
NoHTTPS11 0
Client 1
Server 120
LogLevel 2
Alive 120
ListenHTTP *,80
ListenHTTPS *,443 /usr/local/etc/pound.pem ALL:!ADH:EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
UrlGroup ".*"
BackEnd 192.168.23.1,80,1
Session BASIC 300
EndGroup
---END---
Best regards,
Oliver
Re: [Pound Mailing List] Pound as SSL-Wrapper for IIS - a step further
"Dr. Oliver C. Radke" <oradke(at)pcat.de>
2005-08-19 12:22:02
Hi!
I could have done this before my previous post, but this sheds some light:
Looking at the source code of the page, I found out that the URLs in the
NavPlane (those that work) are relative, while the others are absolute - but
with the correct external IP address!
Oliver
-----Original Message-----
From: Dr. Oliver C. Radke
Sent: Friday, 19 August 2005 12:01
To: pound(at)apsis.ch
Subject: [Pound Mailing List] Pound as SSL-Wrapper for IIS - a step further
Hi!
I'm running Pound as a reverse-proxy for our sharepoint services and OWA quite
successfully. However, I couldn't manage to enable HTTPS-Access to pound being
redirected to HTTP on our back-end server.
I did reach a milestone today when I set
NoHTTPS11 0
in my pound.cfg. Now IE 6.x connects via https without problems. OWA works
fine. But: Using the sharepoint services, not all hyperlinks are rewritten from
http to https.
Example:
- I connect to https://W.X.Y.Z/Intranet
- The hyperlinks in the navigation plane point to
https://W.X.Y.Z/Intranet/ExampleList/Forms/AllItems.aspx
- The hyperlinks in the content STILL point to
http://W.X.Y.Z/Intranet/Lists/Example/DispForm.aspx?ID=96, without https.
I could not figure out why pound doesn't rewrite these URLs correctly; I did
use the 2 variants of HTTPSHeaders shown below. Any suggestions would be
appreciated.
My pound.cfg:
---BEGIN---
User wwwrun
Group www
#RootJail /chroot/pound
#HTTPSHeaders 0 "Front-End-Https: on proxy:on"
HTTPSHeaders 0 "Front-End-Https: on"
ExtendedHTTP 1
WebDAV 1
NoHTTPS11 0
Client 1
Server 120
LogLevel 2
Alive 120
ListenHTTP *,80
ListenHTTPS *,443 /usr/local/etc/pound.pem ALL:!ADH:EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
UrlGroup ".*"
BackEnd 192.168.23.1,80,1
Session BASIC 300
EndGroup
---END---
Best regards,
Oliver
Re: [Pound Mailing List] Pound as SSL-Wrapper for IIS - a step further
Robert Segall <roseg(at)apsis.ch>
2005-08-19 15:23:44
On Fri, 19 Aug 2005 12:22:02 +0200 "Dr. Oliver C. Radke"
<oradke(at)pcat.de> wrote:
> Hi!
> I could have done this before my previous post, but this sheds some
> light: Looking at the source code of the page, I found out that the
> URLs in the NavPlane (those that work) are relative, while the others
> are absolute - but with the correct external IP address!
>
> Oliver
>
> -----Original Message-----
> From: Dr. Oliver C. Radke
> Sent: Friday, 19 August 2005 12:01
> To: pound(at)apsis.ch
> Subject: [Pound Mailing List] Pound as SSL-Wrapper for IIS - a step
> further
>
> Hi!
> I'm running Pound as a reverse-proxy for our sharepoint services and
> OWA quite successfully. However, I couldn't manage to enable
> HTTPS-Access to pound being redirected to HTTP on our back-end server.
> I did reach a milestone today when I set NoHTTPS11 0
> in my pound.cfg. Now IE 6.x connects via https without problems. OWA
> works fine. But: Using the sharepoint services, not all hyperlinks are
> rewritten from http to https. Example:
> - I connect to https://W.X.Y.Z/Intranet
> - The hyperlinks in the navigation plane point to
> https://W.X.Y.Z/Intranet/ExampleList/Forms/AllItems.aspx
> - The hyperlinks in the content STILL point to
> http://W.X.Y.Z/Intranet/Lists/Example/DispForm.aspx?ID=96, without
> https.
>
> I could not figure out why pound doesn't rewrite these URLs correctly;
> I did use the 2 variants of HTTPSHeaders shown below. Any suggestions
> would be appreciated.
Pound does not change the contents of the Web pages. That means that if
you have a link in there it will appear in the browser exactly as
generated by the back-end server.
A relative link will always work fine: the browser uses the "base" URL
and adds the relative link, thus you get your https://... link. An
absolute link stays as it is, and you get the http://...
This is not a Pound question, but has to do with your back-end server
and/or HTML pages. Make sure you use relative links, and that if your
back-end generates absolute links (some back-ends do that automatically)
then it generates the correct ones. The HTTPSHeaders directive you show
is supposed to help with that.
Hope this helps some.
--
Robert Segall
Apsis GmbH
Postfach, Uetikon am See, CH-8707
Tel: +41-44-920 4904
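
Added example, not part of the original thread and not Pound code: a small audit that resolves each link in a back-end page against the HTTPS URL it was fetched through, as a browser would, and flags same-host links that fall back to plain http. The hostname intranet.example, the sample HTML and the names LinkCollector and audit_links are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag -> attribute that carries a URL.
URL_ATTRS = {"a": "href", "link": "href", "form": "action",
             "img": "src", "script": "src", "iframe": "src"}

class LinkCollector(HTMLParser):
    """Collect raw URL attribute values from a page body."""
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        wanted = URL_ATTRS.get(tag)
        self.links += [v for n, v in attrs if n == wanted and v]

def audit_links(page_url, html):
    """Resolve each link as a browser would; flag https -> http downgrades.

    Returns (raw, resolved, verdict) tuples; verdict is 'ok', 'downgrade'
    (same host, plain http) or 'external' (other host or non-web scheme).
    """
    base = urlsplit(page_url)
    collector = LinkCollector()
    collector.feed(html)
    results = []
    for raw in collector.links:
        resolved = urljoin(page_url, raw)
        target = urlsplit(resolved)
        if target.hostname != base.hostname:
            verdict = "external"
        elif base.scheme == "https" and target.scheme == "http":
            verdict = "downgrade"
        else:
            verdict = "ok"
        results.append((raw, resolved, verdict))
    return results

# Constructed sample modelled on the thread (hostname is a placeholder).
SAMPLE_PAGE_URL = "https://intranet.example/Intranet"
SAMPLE_HTML = """
<a href="/Intranet/ExampleList/Forms/AllItems.aspx">nav</a>
<a href="http://intranet.example/Intranet/Lists/Example/DispForm.aspx?ID=96">item</a>
"""

if __name__ == "__main__":
    for raw, resolved, verdict in audit_links(SAMPLE_PAGE_URL, SAMPLE_HTML):
        print(f"{verdict:10} {raw} -> {resolved}")
```

Run against pages saved from the back-end, any "downgrade" row is an absolute link the back-end still emits with the http scheme.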