We're having a problem with a java webapp that sits behind our pound proxy.
All features of the site work fine when accessed via standard http. But
when accessed via https, redirects returned from various pages fail.
The login page, for example works when accessed via http and not via
https. The login page's response is a redirect.
Here's the CURL for both a successful HTTP request and an unsuccessful
HTTPS request for a POST to the login form (a login attempt). The
resulting response (for either a valid or invalid login) is a redirect:
HTTP (this works)
-----------------
> curl -i -d "emailAddress=gweb(at)greywether.com&clearTextPassword=yw84f8" http://www.expeditiontea.com/karta/login_ProcessForm.action
HTTP/1.1 302 Moved Temporarily
Set-Cookie: JSESSIONID=EFF5FB4761150F57AB560115694B4E5B; Path=/karta
Location: http://www.expeditiontea.com/karta/productCategories_Show.action;jsessionid=EFF5FB4761150F57AB560115694B4E5B
Content-Length: 0
Date: Thu, 01 Sep 2005 01:49:21 GMT
Server: Apache-Coyote/1.1
HTTPS (this fails)
------------------
> curl -i -d "emailAddress=examp(at)greywether.com&clearTextPassword=pw" https://www.expeditiontea.com/karta/login_ProcessForm.action
HTTP/1.1 302 Moved Temporarily
Set-Cookie: JSESSIONID=439D653BD4972F695CB1A7A499A09AF4; Path=/karta
Location: http://www.expeditiontea.com:443/karta/productCategories_Show.action;jsessionid=439D653BD4972F695CB1A7A499A09AF4
Content-Length: 0
Date: Thu, 01 Sep 2005 01:45:51 GMT
Server: Apache-Coyote/1.1
(Note that the RewriteRedirect feature has no effect on the above. I
get the same response with it either On or off (1 or 0). The above was
captured with RewriteRedirect off (0).)
----
The problem in the above is obvious. The "location" when it gets back
to the browser (or in this case curl) is written as:
http://www.expeditiontea.com:443...
That's a standard http request on the https port (443). Bad. Seems to
me the redirect "location" should be written as:
https://www.expeditiontea.com...
----
One other item of note is that with RewriteRedirect "on" the post
requests take a relatively long time to process (2 seconds or so
compared to "instantaneous" with it off). This leaves me wondering if
pound is doing some sort of dns resolve when it tries to rewrite
redirects and, since our internal dns isn't set up for this server, that
would fail. So maybe that's the whole problem? I need to turn on
RewriteRedirect but get reverse-dns working for the local server's IP?
Any help you can provide is, as always, most appreciated.
Thanks!
- Gary
P.S. Pound config file follows:
######################################################################
## global options:
User www-data
Group www-data
#RootJail /chroot/pound
## allow PUT and DELETE also (by default only GET, POST and HEAD)?:
ExtendedHTTP 1
WebDAV 1
## Logging: (goes to syslog by default)
## 0 no logging
## 1 normal
## 2 extended
## 3 Apache-style (common log format)
LogLevel 2
## check backend every X secs:
Alive 30
## use hardware-acceleration card supported by openssl(1):
#SSLEngine <hw>
## disable pound's redirect rewriting
RewriteRedirect 0
######################################################################
## listen, redirect and ... to:
## redirect all requests on port 8888 ("ListenHTTP") to the local webserver (see "UrlGroup" below):
ListenHTTP 207.118.16.116,80
ListenHTTPS 207.118.16.116,443 /etc/pound/www.expeditiontea.com.pem
##
UrlGroup ".*"
HeadRequire Host ".*projects.greywether.com.*"
BackEnd 192.168.73.2,80,1
EndGroup
UrlGroup ".*"
HeadRequire Host ".*www.expeditiontea.com.*"
BackEnd 192.168.73.4,8080,1
EndGroup
UrlGroup ".*"
BackEnd 192.168.73.6,80,1
EndGroup
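Added example, not part of the original post and not Pound or Tomcat code: a small Python check that reads a `curl -i` capture like the ones above and reports what is wrong with a redirect returned behind a TLS-terminating proxy. The finding labels and function names are made up for this illustration; the sample headers are copied from the failing HTTPS capture.

```python
from urllib.parse import urlsplit

# Response headers copied from the failing HTTPS capture in the post.
HTTPS_RESPONSE = """\
HTTP/1.1 302 Moved Temporarily
Set-Cookie: JSESSIONID=439D653BD4972F695CB1A7A499A09AF4; Path=/karta
Location: http://www.expeditiontea.com:443/karta/productCategories_Show.action;jsessionid=439D653BD4972F695CB1A7A499A09AF4
Content-Length: 0
"""
HTTPS_REQUEST = "https://www.expeditiontea.com/karta/login_ProcessForm.action"

# A scheme paired with the other scheme's default port.
MISMATCHED = {("http", 443), ("https", 80)}


def parse_response(raw):
    """Split `curl -i` output into (status code, [(lowercased name, value)])."""
    lines = raw.strip().splitlines()
    status = int(lines[0].split()[1])
    headers = []
    for line in lines[1:]:
        if not line.strip():
            break  # blank line ends the header block
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return status, headers


def audit_redirect(request_url, raw_response):
    """Return the set of findings (hypothetical labels) for one exchange."""
    req = urlsplit(request_url)
    status, headers = parse_response(raw_response)
    findings = set()
    for name, value in headers:
        if name == "location" and 300 <= status < 400:
            loc = urlsplit(value)
            if req.scheme == "https" and loc.scheme == "http":
                findings.add("scheme-downgrade")  # TLS request, plaintext target
            if (loc.scheme, loc.port) in MISMATCHED:
                findings.add("scheme-port-mismatch")  # e.g. http:// on :443
            if ";jsessionid=" in loc.path.lower():
                findings.add("session-id-in-url")  # session ID rides in the URL
        elif name == "set-cookie" and req.scheme == "https":
            attrs = [a.strip().lower() for a in value.split(";")[1:]]
            if "secure" not in attrs:
                findings.add("cookie-missing-secure")
    return findings


if __name__ == "__main__":
    print(sorted(audit_redirect(HTTPS_REQUEST, HTTPS_RESPONSE)))
```

Run against the HTTPS capture, it reports the http-on-443 Location described above, and also that the session ID travels in the redirect URL and that the JSESSIONID cookie carries no Secure attribute.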