|
/
Zope
/
Apsis
/
Pound Mailing List
/
Archive
/
2005
/
2005-09
/
BackendServer access over HTTPS
[
Performance problem with JSP's / Andrew Hughes ... ]
[
Client certificates / "Matthew Bennetts ... ]
BackendServer access over HTTPS
KOZMAN Balint <bkozman(at)imind.hu> |
2005-09-12 18:45:29 |
[ SNIP ]
|
Hi All,
I know that a similar topic has been discussed at least once on this
list, but my situation is a bit different. I have a site which redirects
all plain http requests to https with an apache redirect rule.
Useful content will only be served through https. Now I wanted to drop the
site behind a pound proxy, but I ran into the problem that pound will only
communicate with the backends through http and as a result a nice loop
occures.
Could someone suggest a nice solution (where "nice" means the "least
possible hacking") ?
Is it possible to put the redirection to the proxy level? That would also
do the job.
Thanks in advance,
Balint
|
|
|
RE: [Pound Mailing List] BackendServer access over HTTPS
"Joe Gooch" <mrwizard(at)k12system.com> |
2005-09-12 22:15:47 |
[ SNIP ]
|
I have the SSL certificate on my Pound server, so the pound server does
all the SSL encryption. I also use the:
HTTPSHeaders 0 "Front-End-Https: on"
Directive, so that every request that hits the backend server will have
Front-End-Https: on in their headers. You could then modify your
rewrite rule to redirect to a ssl url (that points to your POUND URL) if
this header isn't present.
Joe
> -----Original Message-----
> From: KOZMAN Balint [mailto:bkozman(at)imind.hu]
> Sent: Monday, September 12, 2005 12:45 PM
> To: pound(at)apsis.ch
> Subject: [Pound Mailing List] BackendServer access over HTTPS
>
>
> Hi All,
>
>
> I know that a similar topic has been discussed at least once on this
> list, but my situation is a bit different. I have a site which
redirects
> all plain http requests to https with an apache redirect rule.
> Useful content will only be served through https. Now I wanted to drop
the
> site behind a pound proxy, but I ran into the problem that pound will
only
> communicate with the backends through http and as a result a nice loop
> occures.
>
> Could someone suggest a nice solution (where "nice" means the "least
> possible hacking") ?
>
> Is it possible to put the redirection to the proxy level? That would
also
> do the job.
>
>
> Thanks in advance,
> Balint
>
>
>
> --
> To unsubscribe send an email with subject 'unsubscribe' to
pound(at)apsis.ch.
> Please contact roseg(at)apsis.ch for questions.
> http://192.168.1.2:8080/Apsis/pound/pound_list/archive/2005/2005-
> 09/1126543529000
|
|
|
RE: [Pound Mailing List] BackendServer access over HTTPS
KOZMAN Balint <bkozman(at)imind.hu> |
2005-09-13 13:05:06 |
[ SNIP ]
|
Hello,
Thanks for the advice, this solution works fine.
Balint
On Mon, 12 Sep 2005, Joe Gooch wrote:
> I have the SSL certificate on my Pound server, so the pound server does
> all the SSL encryption. I also use the:
> HTTPSHeaders 0 "Front-End-Https: on"
>
> Directive, so that every request that hits the backend server will have
> Front-End-Https: on in their headers. You could then modify your
> rewrite rule to redirect to a ssl url (that points to your POUND URL) if
> this header isn't present.
>
> Joe
>
> > -----Original Message-----
> > From: KOZMAN Balint [mailto:bkozman(at)imind.hu]
> > Sent: Monday, September 12, 2005 12:45 PM
> > To: pound(at)apsis.ch
> > Subject: [Pound Mailing List] BackendServer access over HTTPS
> >
> >
> > Hi All,
> >
> >
> > I know that a similar topic has been discussed at least once on this
> > list, but my situation is a bit different. I have a site which
> redirects
> > all plain http requests to https with an apache redirect rule.
> > Useful content will only be served through https. Now I wanted to drop
> the
> > site behind a pound proxy, but I ran into the problem that pound will
> only
> > communicate with the backends through http and as a result a nice loop
> > occures.
> >
> > Could someone suggest a nice solution (where "nice" means the "least
> > possible hacking") ?
> >
> > Is it possible to put the redirection to the proxy level? That would
> also
> > do the job.
> >
> >
> > Thanks in advance,
> > Balint
> >
> >
> >
> > --
> > To unsubscribe send an email with subject 'unsubscribe' to
> pound(at)apsis.ch.
> > Please contact roseg(at)apsis.ch for questions.
> > http://192.168.1.2:8080/Apsis/pound/pound_list/archive/2005/2005-
> > 09/1126543529000
>
> --
> To unsubscribe send an email with subject 'unsubscribe' to pound(at)apsis.ch.
> Please contact roseg(at)apsis.ch for questions.
>
http://192.168.1.2:8080/Apsis/pound/pound_list/archive/2005/2005-09/1126543529000/1126556147000
>
>
|
|
|
|
