/ Zope / Apsis / Pound Mailing List / Archive / 2006 / 2006-08 / Re: [Pound Mailing List] :80 appears in browser URL with Safari

[ << ] [ >> ]

[ ANNOUNCE: Pound - reverse proxy and load balancer ... ] [ The Full Package, Please :) / beno ... ]

Re: [Pound Mailing List] :80 appears in browser URL with Safari
Robert Segall <roseg(at)apsis.ch>
2006-08-05 11:53:22 [ FULL ]
On Mon, 2006-07-31 at 11:44 -0700, Shawn O'Connor wrote:[...]

Fixed in the 2.x series. Please upgrade.[...]

Re: [Pound Mailing List] Release 2.1
Robert Segall <roseg(at)apsis.ch>
2006-08-05 11:54:50 [ FULL ]
On Mon, 2006-07-31 at 21:49 +0200, Ondra Kudlik wrote:[...]

Please try 2.1 - it should fix this issue.[...]

Re: [Pound Mailing List] Release 2.1
Ondra Kudlik <kepi(at)orthank.net>
2006-08-06 23:59:25 [ FULL ]
So, srp 05, 2006 ve 11:54:50 +0200, Robert Segall napsal:[...]

Thank you! It works fine now.

I have RewriteLocation set to 1 and it do everything exactly as we
need.

--
 .''`. Ondra 'Kepi' Kudlik
: :' : Debian GNU/Linux User
`. `'
  `-   http://www.nosoftwarepatents.com/cz/m/intro/index.html

Re: [Pound Mailing List] Release 2.1
Robert Segall <roseg(at)apsis.ch>
2006-08-07 18:30:30 [ FULL ]
On Sun, 2006-08-06 at 23:59 +0200, Ondra Kudlik wrote:[...]

Thanks for the report - that's useful.[...]

Re: [Pound Mailing List] Release 2.1
Ondra Kudlik <kepi(at)orthank.net>
2006-08-10 11:50:08 [ FULL ]
Po, srp 07, 2006 ve 06:30:30 +0200, Robert Segall napsal:[...]

Hi,

I'm afraid that some issues are still here :(

I have two pound running, one is for http connections and another is
for https connection.

Problem is that on some webs we have redirect to https version from
nonhttp, so i.e.

http://www.somehost.net/ is redirected
to https://www.somehost.net/
from .htaccess (RewriteRule with R or R=301 option).

On both pounds we have RewriteLocation set to 1 but with this
redirection we get inifinitive loop :(

I temporarily save the situation by using Redirect in Service
section for this hosts but as we have many clients, we are not able
to redefine every redirect to https on every web

--
 .''`. Ondra 'Kepi' Kudlik
: :' : Debian GNU/Linux User
`. `'
  `-   http://www.nosoftwarepatents.com/cz/m/intro/index.html

Re: [Pound Mailing List] Release 2.1
Robert Segall <roseg(at)apsis.ch>
2006-08-10 12:12:43 [ FULL ]
On Thu, 2006-08-10 at 11:50 +0200, Ondra Kudlik wrote:[...]

That is correct - if you have a http to https redirect you can't use the
Pound mechanism, as it will just rewrite the Location to your original
value.

If you can disable RewriteLocation selectively (based on URL) you are
OK, same if you can use a Redirect back-end. Otherwise use a separate IP
address for your https host.[...]

Re: [Pound Mailing List] Release 2.1
Ondra Kudlik <kepi(at)orthank.net>
2006-08-10 12:51:50 [ FULL ]
Čt, srp 10, 2006 ve 12:12:43 +0200, Robert Segall napsal:[...]

Thanks for answer. But I just wonder why this work without problems on
1.x series (I used to use RewriteRedirect 2).
[...]

I can't, as I said, we have many clients and redirect something is
their decision.
[...]

hmm... I think I don't understand. If I have address
www.somehost.net with ip 1.2.3.4 how I can have different IP for
https??? It's only protocol difference and not hostname...

Re: [Pound Mailing List] Release 2.1
Robert Segall <roseg(at)apsis.ch>
2006-08-10 14:49:29 [ FULL ]
On Thu, 2006-08-10 at 12:51 +0200, Ondra Kudlik wrote:[...]

The definition and mode of operation was different in the 1.x series. We
try to do better in 2.x, doesn't mean we succeed...
[...]

I meant access to http://www.host.net/safe gets to be
redirected to
https://secure.host.net/safe - the
amount of work involved is the same.[...]

Re: [Pound Mailing List] Release 2.1
Ondra Kudlik <kepi(at)orthank.net>
2006-08-10 15:09:16 [ FULL ]
Čt, srp 10, 2006 ve 02:49:29 +0200, Robert Segall napsal:[...]

Ok, I understand. I think you are doing great job... there are only
"small" issues. Pound is great peace of software for our needs.
[...]

This is not possible in our situation. Try to imagine that we have
couple hundreds of clients and they want want to redirect some page
to its https variant. We cannot tell them thet this is not
possible... we have to allow this. They don't care how...

Isn't there any possibility to modify pound to allow this
redirection? 

--
 .''`. Ondra 'Kepi' Kudlik
: :' : Debian GNU/Linux User
`. `'
  `-   http://www.nosoftwarepatents.com/cz/m/intro/index.html

Re: [Pound Mailing List] Release 2.1
Robert Segall <roseg(at)apsis.ch>
2006-08-10 15:21:19 [ FULL ]
On Thu, 2006-08-10 at 15:09 +0200, Ondra Kudlik wrote:[...]

It certainly is possible. In order to ensure the complete security of
your customers, you have installed an extra-secure server, accessible as
secure.host.net. Any page on www.host.net which contains sensitive
information should be redirected to secure.host.net (with an identical
path), which is only accessible via https.

Problem solved, happy customers.
[...]

I would be happy for suggestions.[...]

Re: [Pound Mailing List] Release 2.1
Ondra Kudlik <kepi(at)orthank.net>
2006-08-10 15:54:27 [ FULL ]
Čt, srp 10, 2006 ve 03:21:19 +0200, Robert Segall napsal:[...]

It is ideal world with ideal customers :/ We try to do such things
but it doesn't work. For some period of time everything is ok, but
then they ask: Why we can't to do ... we saw some page and they have
it without problems. 

And I personally think that this is good future and should work.

And mainly, we have certifikates for exact url... we cannot throw
them away and buy new one for secure.host.... :(
[...]

I'm really not good C programmer... I think you are the one who can
know if there is possibility... Some whey to also resolve used
protocol or something like.

I like to help with something, but this problem is to difficult for
me :/

Ondra Kudlik

MailBoxer