/ Zope / Apsis / Pound Mailing List / Archive / 2006 / 2006-08 / Re: [Pound Mailing List] URL Rewriting Issues with Pound Version 2 and OpenACS

[ << ] [ >> ]

[ Pound Performance / Jeffrey Brown ... ] [ Pound 2.1, Logfile not showning IP of backend / ... ]

Re: [Pound Mailing List] URL Rewriting Issues with Pound Version 2 and OpenACS
"Richard Hamilton" <ricky.hamilton(at)btopenworld.com>
2006-08-20 21:38:47 [ FULL ]
OK, at last I have been able to get the time to collect the request data 
that Robert asked for. I am VERY sorry that it has taken so long - please 
accept my apologies.

First of all, just to recap:

I am reverse proxying http pages, but have my server configured to issue a 
redirect direct to an un-reverseproxied https connection on another port 
whenever a browser requests a resource that is in a protected area of a 
site. This arrangement works well with my existing (and deprecated!) reverse 
proxy solution which is an Aolserver module that reverse proxies from one 
Aolserver instance to another using Unix sockets rather than port 
forwarding.

When I use pound, the http pages work fine but the redirect fails because 
the redirect seems to be translated such that the request ends up coming 
back to the http listener that redirected it in the first place. In other 
works the OpenACS initiated, Aolserver issued redirect to another port fails 
when using pound.

Here is an excerpt of an earlier message which recaps my working hypothesis:

[...]

What I have now done is to use LiveHTTP Headers in Mozilla and Tcpwatch on 
the server to monitor the requests as they pass between the browser, Pound 
and the server.

Firstly here is the browsers view of what SHOULD happen. This is the correct 
transaction as it occurs with my current reverse proxy solution (Aolserver + 
nsunix):


***BEGIN - BROWSER VIEW OF CORRECT BEHAVIOUR***

http://www.oakmasters.co.uk/register/index

GET /register/index HTTP/1.1
Host: www.oakmasters.co.uk
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.0.6) 
Gecko/20060728 Firefox/1.5.0.6
Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://www.oakmasters.co.uk/home/index
Cookie: 
ad_session_id=154970029%2c0%20%7b365%201156099555%2091FEAF5797259FA225ED43C00EE3C361D80C8D7D%7d

HTTP/1.x 302 Found
Transfer-Encoding: chunked
Location: https://www.oakmasters.co.uk:8445/register/index
Content-Type: text/html; charset=iso-8859-1
MIME-Version: 1.0
Date: Sun, 20 Aug 2006 18:27:00 GMT
Server: AOLserver/3.3.1+ad13
--------------: ---
Connection: close
----------------------------------------------------------
https://www.oakmasters.co.uk:8445/register/index

GET /register/index HTTP/1.1
Host: www.oakmasters.co.uk:8445
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.0.6) 
Gecko/20060728 Firefox/1.5.0.6
Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://www.oakmasters.co.uk/home/index
Cookie: 
ad_session_id=154970029%2c0%20%7b365%201156099555%2091FEAF5797259FA225ED43C00EE3C361D80C8D7D%7d

HTTP/1.x 200 OK
Content-Type: text/html; charset=iso-8859-1
MIME-Version: 1.0
Date: Sun, 20 Aug 2006 18:27:00 GMT
Server: AOLserver/3.3.1+ad13
Content-Length: 7332
Connection: keep-alive
----------------------------------------------------------

***END - BROWSER VIEW OF CORRECT BEHAVIOUR***


In the above, notice the issue of a 302 redirect with the correct url. This 
results in the broswer requesting the resource via https on the port 
specified in the location header of the 302 redirect method.


Now here is the detail of what happens to the requests when using Pound:


***BEGIN - BROWSER'S EYE VIEW***

http://www.oakmasters.co.uk/register/index

GET /register/index HTTP/1.1
Host: www.oakmasters.co.uk
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.0.6) 
Gecko/20060728 Firefox/1.5.0.6
Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://www.oakmasters.co.uk/home/index
Cookie: 
ad_session_id=154970029%2c0%20%7b365%201156099555%2091FEAF5797259FA225ED43C00EE3C361D80C8D7D%7d

HTTP/1.x 302 Found
Transfer-Encoding: chunked
Location: https://www.oakmasters.co.uk:8445/register/index
Content-Type: text/html; charset=iso-8859-1
MIME-Version: 1.0
Date: Sun, 20 Aug 2006 18:27:00 GMT
Server: AOLserver/3.3.1+ad13
--------------: ---
Connection: close
----------------------------------------------------------
https://www.oakmasters.co.uk:8445/register/index

GET /register/index HTTP/1.1
Host: www.oakmasters.co.uk:8445
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.0.6) 
Gecko/20060728 Firefox/1.5.0.6
Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://www.oakmasters.co.uk/home/index
Cookie: 
ad_session_id=154970029%2c0%20%7b365%201156099555%2091FEAF5797259FA225ED43C00EE3C361D80C8D7D%7d

HTTP/1.x 200 OK
Content-Type: text/html; charset=iso-8859-1
MIME-Version: 1.0
Date: Sun, 20 Aug 2006 18:27:00 GMT
Server: AOLserver/3.3.1+ad13
Content-Length: 7332
Connection: keep-alive
----------------------------------------------------------

***END - BROWSER'S EYE VIEW***


Note that in this request, whilst the 302 redirect is correctly issued, when 
the browser requests the resource on the https url, the server replies with 
a page that tells the user that they must use https to view the resource. 
The browser address bar shows a request for:

http://www.oakmasters.co.uk:8008/register/index

whereas in the correctly working example this address should be:

https://www.oakmasters.co.uk:8445/register/index


Here is the request on its way into Pound:


*** BEGIN - TCPWATCH INSTANCE BETWEEN BROWSER AND POUND***

GET /register/index HTTP/1.1
Host: www.oakmasters.co.uk:8008
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.0.6) 
Gecko/20060728 Firefox/1.5.0.6
Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://www.oakmasters.co.uk:8008/home/index
Cookie: 
ad_session_id=154970140%2c0%20%7b368%201156101276%203E7615BA630D7AD7F8D7C22D82FC55A85A53E3C6%7d

*** END - TCPWATCH INSTANCE BETWEEN BROWSER AND POUND***


Note that the host header has been rewritten. Now this confused me initially 
because the browser makes a request that is changed before it even reaches 
Pound. So I tried the same test using tcpwatch without pound and discovered 
that tcpwatch also destroys the redirect to https.

So, if I put either Pound or tcpwatch in between the browser and the server, 
the redirect to https fails. I suspect that this is because both pieces of 
software rewrite the host header as part of their port forwarding process.

Unfortunately, therefore the use of tcpwatch in this case is like trying to 
read a thermometer in the dark with a blowtorch for light!


*** BEGIN - TCPWATCH INSTANCE BETWEEN POUND AND SERVER***

GET /register/index HTTP/1.1
Host: www.oakmasters.co.uk:8008
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.0.6) 
Gecko/20060728 Firefox/1.5.0.6
Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://www.oakmasters.co.uk:8008/home/index
Cookie: 
ad_session_id=154970140%2c0%20%7b368%201156101276%203E7615BA630D7AD7F8D7C22D82FC55A85A53E3C6%7d
X-Forwarded-For: 63.246.8.13

*** END - TCPWATCH INSTANCE BETWEEN POUND AND SERVER***


As the host header has already been rewritten by tcpwatch, the request is 
not further altered here by Pound. Given this situation, I cannot use 
tcpwatch to further analyse the situation. However, I can confirm that Pound 
and tcpwatch both exhibit the same behaviour in breaking the 302 redirect.

I hope that this is useful and easy to read. Once again sorry for the delay 
in submitting the information.

Regards
Richard

[...]

Re: [Pound Mailing List] URL Rewriting Issues with Pound Version 2 and OpenACS
Robert Segall <roseg(at)apsis.ch>
2006-08-21 18:00:40 [ FULL ]
On Sun, 2006-08-20 at 20:38 +0100, Richard Hamilton wrote:[...]

You seem to have put tcpwatch in front of Pound. This would just
duplicate the information from LiveHTTPHeaders. Ideally you want to put
tcpwatch between Pound and the back-end server, in order to see what
gets changed by Pound.
[...]

I might be blind - what is the difference?
[...]

The Host header was NOT changed. It is exactly what you pointed your
browser to. Neither tcpwatch nor Pound change anything in the Host
header.

I suggest you try using tcpwatch between Pound and your back-end. Show
here the request and the response, as well as the corresponding
request/response from LiveHTTPHeaders and we'll try to figure it out
together.[...]

Re: [Pound Mailing List] URL Rewriting Issues with Pound Version 2 and OpenACS
"Richard Hamilton" <ricky.hamilton(at)btopenworld.com>
2006-08-21 21:13:18 [ FULL ]
I've done both in the example posted.

R.

----- Original Message ----- 
From: "Robert Segall" <roseg(at)apsis.ch>
To: <pound(at)apsis.ch>
Sent: Monday, August 21, 2006 5:00 PM
Subject: Re: [Pound Mailing List] URL Rewriting Issues with Pound Version 2 
and OpenACS

[...][...][...][...][...][...][...]

Re: [Pound Mailing List] URL Rewriting Issues with Pound Version 2 and OpenACS
"Richard Hamilton" <ricky.hamilton(at)btopenworld.com>
2006-08-23 01:26:38 [ FULL ]
Robert,

Thanks for the reply. I didn't see your later comments at first but have
found them now. I have done as you suggested and tested with tcpwatch only
between Pound and the backend. Pound behaves exactly as you said it would -
it changes nothing in the request:

***LIVE HTTP HEADERS - BEGIN***

http://www.oakmasters.com:8008/register/index

GET /register/index HTTP/1.1
Host: www.oakmasters.com:8008
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.0.6)
Gecko/20060728 Firefox/1.5.0.6
Accept:
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://www.oakmasters.com:8008/
Cookie:
ad_session_id=155580118%2c0%20%7b367%201156270293%203A390825753EA180B657E7659686052787217686%7d

***LIVE HTTP HEADERS - END***

***TCPWATCH - BEGIN***

GET /register/index HTTP/1.1
Host: www.oakmasters.com:8008
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.0.6)
Gecko/20060728 Firefox/1.5.0.6
Accept:
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://www.oakmasters.com:8008/
Cookie:
ad_session_id=155580118%2c0%20%7b367%201156270293%203A390825753EA180B657E7659686052787217686%7d
X-Forwarded-For: 81.178.79.68

***TCPWATCH - END***

Clearly no 302 redirect has been issued by the backend. Given that the
behaviour is different when using the other reverse proxy solution (i.e. a
302 redirect is issued), there must be something different in the browser's
state that results in some difference in the request.

Here is the detail of the request as monitored by LiveHTTPHeaders during the
working redirect using the other reverse proxy:

***LIVE HTTP HEADERS - BEGIN***
http://www.oakmasters.co.uk/register/index

GET /register/index HTTP/1.1
Host: www.oakmasters.co.uk
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.0.6)
Gecko/20060728 Firefox/1.5.0.6
Accept:
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://www.oakmasters.co.uk/home/index
Cookie:
ad_session_id=154970029%2c0%20%7b365%201156099555%2091FEAF5797259FA225ED43C00EE3C361D80C8D7D%7d

HTTP/1.x 302 Found
Transfer-Encoding: chunked
Location: https://www.oakmasters.co.uk:8445/register/index
Content-Type: text/html; charset=iso-8859-1
MIME-Version: 1.0
Date: Sun, 20 Aug 2006 18:27:00 GMT
Server: AOLserver/3.3.1+ad13
--------------: ---
Connection: close
----------------------------------------------------------
https://www.oakmasters.co.uk:8445/register/index

GET /register/index HTTP/1.1
Host: www.oakmasters.co.uk:8445
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.0.6)
Gecko/20060728 Firefox/1.5.0.6
Accept:
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://www.oakmasters.co.uk/home/index
Cookie:
ad_session_id=154970029%2c0%20%7b365%201156099555%2091FEAF5797259FA225ED43C00EE3C361D80C8D7D%7d

HTTP/1.x 200 OK
Content-Type: text/html; charset=iso-8859-1
MIME-Version: 1.0
Date: Sun, 20 Aug 2006 18:27:00 GMT
Server: AOLserver/3.3.1+ad13
Content-Length: 7332
Connection: keep-alive
----------------------------------------------------------

***LIVE HTTP HEADERS - END***

The difference that leaps out at me here is that when using the other
reverse proxy solution (i.e. the one with which the redirect to https on
another port works), the host header does not include the port number.

Host: www.oakmasters.co.uk

When the browser is interacting with the backend through Pound it sees the
host as being specific to a port:

Host: www.oakmasters.com:8008

I am guessing but I presume that this is because the referrer header that is
in the Pound mediated requests includes the port number. In contrast, the
referrer header in the requests when using the other reverse proxy does not
include the port number.

- If the request is sent with the host header specifying a domain AND port
number, OpenACS does not issue a 302 redirect, but instead issues a security
warning, informing the user that the resource is only available via https.

- If the request is sent with the host headers specifying only the domain,
OpenACS issues a 302 redirect and everything works just fine - the browser
requests the page direct from the https port.

Regards
Richard



----- Original Message ----- 
From: "Robert Segall" <roseg(at)apsis.ch>
To: <pound(at)apsis.ch>
Sent: Monday, August 21, 2006 5:00 PM
Subject: Re: [Pound Mailing List] URL Rewriting Issues with Pound Version 2 
and OpenACS

[...][...][...][...][...][...][...]

Re: [Pound Mailing List] URL Rewriting Issues with Pound Version 2 and OpenACS
Robert Segall <roseg(at)apsis.ch>
2006-08-23 18:48:09 [ FULL ]
On Wed, 2006-08-23 at 00:26 +0100, Richard Hamilton wrote:[...]

Please stop truncating the tcpwatch logs: showing us the request without
the associated replies is meaningless!

As to the specifics: the Host header ALWAYS is what you typed in your
browser address. Thus, if you request http://1.2.3.4:9876/x/y you will
ALWAYS see Host: 1.2.3.4:9876 in your request. This has nothing to do
with proxy servers - it is a function of the browser.

Finally, a Host without a port number is the exact equivalent of one
with a default port number - 80 for http, 443 for https.[...]

Re: [Pound Mailing List] URL Rewriting Issues with Pound Version 2 and OpenACS
Stefan Lambrev <stefan.lambrev(at)sun-fish.com>
2006-08-24 09:40:36 [ FULL ]
hi all,

I have similar problems with pound 2.1 on FreeBSD 6.1 (64bit).
I configured pound to listen on port 80 and the "backend" is on port 9080
On every browser that I tested (IE6.x,Firefox,Opera,konqueror and etc.)
always the same problem - when I type the URL without a port e.g 
www.host.tld
I'm redirected to http://www.host.tld:9080/
I tried RewriteLocation 1 and then RewriteLocation 0 but nothing changed.
It seems like pound cannot work with backends on different ports.

I'm currently using pound 1.9 and do not have such a problems, so any help
is well come :)

P.S. When pound listen on port 80 and backend is on port 80 everything 
is ok.

Richard Hamilton wrote:[...]
[...]

Re: [Pound Mailing List] URL Rewriting Issues with Pound Version 2 and OpenACS
Robert Segall <roseg(at)apsis.ch>
2006-08-24 18:32:01 [ FULL ]
On Thu, 2006-08-24 at 10:40 +0300, Stefan Lambrev wrote:[...]

Could it be something that is OpenACS specific?

I still would very much like to see a full trace of the request/response
cycles between Pound and OpenACS - there is not much else I can do
without it.[...]

Re: [Pound Mailing List] URL Rewriting Issues with Pound Version 2 and OpenACS
"Richard Hamilton" <ricky.hamilton(at)btopenworld.com>
2006-08-24 21:23:57 [ FULL ]
Robert,

Request/response below, but there is no cycle of redirection - there is 
simply a response saying 'https only'. This is I think because the port 
number is included in the referrer header (in contrast to the AOlserver 
based reverse proxied request which excludes the port number) which makes 
the request unambiguous and therefore absolutely directed at the insecure 
http port.

OpenACS therefore correctly refuses the request instead of issuing a 302 
redirect, which it would otherwise do if the request did not specify a 
particular port number.

If you refer to the request headers from the Aolserver reverse proxied 
transaction (which works) you will see that the referrer header in pages 
from the domain does not include a specific port number. The browser 
therefore issues its requests without specifying a port number and OpenACS 
is then free to issue a redirect to move the connection to an https listener 
on a different port as and when required.

I have become convinced that the only way to make OpenACS work with Pound as 
a reverse proxy for http only, is if Pound could be directed not to add the 
port number to the referrer header.

To answer your question, no I do not think that this is OpenACS specific, or 
at least if it is, OpenACS is behaving logically. I think that this will 
happen any time a web server needs to redirect a request to an alternative 
port. If the request itself is saying in the host header "get me the 
resource but ONLY provide it to me from port x" then if behaving correctly, 
the server has no option but to report that the requested resource is not 
available from that specified port. It seems that in trying to keep 
connections tied tightly to the correct ports, Pound removes the server's 
freedom to issue port redirections.

Do you think that we can work up a fix for this?

Regards
Richard

Transaction below:

***BROWSER BEGIN***
http://www.oakmasters.com:8008/register/index

GET /register/index HTTP/1.1
Host: www.oakmasters.com:8008
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.0.6) 
Gecko/20060728 Firefox/1.5.0.6
Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://www.oakmasters.com:8008/
Cookie: 
ad_session_id=155580118%2c0%20%7b367%201156270293%203A390825753EA180B657E7659686052787217686%7d

HTTP/1.x 403 Forbidden
Content-Type: text/html; charset=iso-8859-1
MIME-Version: 1.0
Date: Tue, 22 Aug 2006 17:52:26 GMT
Server: AOLserver/3.3.1+ad13
Content-Length: 284
Connection: close
----------------------------------------------------------
***BROWSER END***


***TCPWATCH REQUEST BEGIN***
GET /register/index HTTP/1.1
Host: www.oakmasters.com:8008
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.0.6) 
Gecko/20060728 Firefox/1.5.0.6
Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://www.oakmasters.com:8008/
Cookie: 
ad_session_id=155580118%2c0%20%7b367%201156270293%203A390825753EA180B657E7659686052787217686%7d
X-Forwarded-For: 81.178.79.68
***TCPWATCH REQUEST END***

***TCPWATCH RESPONSE BEGIN***
HTTP/1.0 403 Forbidden
Content-Type: text/html; charset=iso-8859-1
MIME-Version: 1.0
Date: Tue, 22 Aug 2006 17:52:26 GMT
Server: AOLserver/3.3.1+ad13
Content-Length: 284
Connection: close

<html>
<head>

<title>Please use HTTPS</title>
</head>
<body bgcolor="white" text="black">

 <h2>Please use HTTPS</h2>
<hr>Sorry, you must use HTTPS to access this page.



<hr>

<a 
href="mailto:webmaster(at)oakmasters.com"><address>webmaster(at)oakmasters.com</address></a>
</body>
</html>
***TCPWATCH RESPONSE END***



----- Original Message ----- 
From: "Robert Segall" <roseg(at)apsis.ch>
To: <pound(at)apsis.ch>
Sent: Thursday, August 24, 2006 5:32 PM
Subject: Re: [Pound Mailing List] URL Rewriting Issues with Pound Version 2 
and OpenACS

[...][...][...]

Re: [Pound Mailing List] URL Rewriting Issues with Pound Version 2 and OpenACS
"Richard Hamilton" <ricky.hamilton(at)btopenworld.com>
2006-08-24 22:00:49 [ FULL ]
Robert,

Further to my previous email, I have done some more testing and now cannot 
even support my previous theory!

Here is a complete transaction from LiveHTTPHeaders of the process using the 
Aolserver reverse proxy module nsunix. There are two pages requested. The 
first is the homepage to create the environment in the browser, the second 
is the login page that should result in the transfer to https.

Request1)  /
Request2)  /register/index

The requested resources are relative links as above.

This is what should happen when making the same request with Pound (in 
contrast the headers that you have from my previous post represent the full 
set of interactions when proxied through Pound). For some reason that I have 
not yet figured, when Pound is proxying the requests, OpenACS does not issue 
a redirect to https. I cannot see any obvious differences in the headers 
(but please tell me if I am missing something).

In the meantime I will take your lead and widen the search to include 
OpenACS specific config issues that might have a bearing on this.

***BEGIN REQUEST ONE***
http://www.oakmasters.co.uk:8002/

GET / HTTP/1.1
Host: www.oakmasters.co.uk:8002
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.0.6) 
Gecko/20060728 Firefox/1.5.0.6
Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive

HTTP/1.x 302 Found
Set-Cookie: 
ad_session_id=156230003%2c0%20%7b370%201156450060%2010C28942203304E542A8A059A45E91F02F7CFCEE%7d;

Path=/; Max-Age=1200
Location: http://www.oakmasters.co.uk:8002/home/index
Content-Type: text/html; charset=iso-8859-1
MIME-Version: 1.0
Date: Thu, 24 Aug 2006 19:47:40 GMT
Server: AOLserver/3.3.1+ad13
Content-Length: 334
Connection: close
----------------------------------------------------------
http://www.oakmasters.co.uk:8002/home/index

GET /home/index HTTP/1.1
Host: www.oakmasters.co.uk:8002
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.0.6) 
Gecko/20060728 Firefox/1.5.0.6
Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Cookie: 
ad_session_id=156230003%2c0%20%7b370%201156450060%2010C28942203304E542A8A059A45E91F02F7CFCEE%7d

HTTP/1.x 200 OK
Content-Type: text/html; charset=iso-8859-1
MIME-Version: 1.0
Date: Thu, 24 Aug 2006 19:47:41 GMT
Server: AOLserver/3.3.1+ad13
Content-Length: 8534
Connection: keep-alive
----------------------------------------------------------

***END REQUEST ONE***

***BEGIN REQUEST TWO***
http://www.oakmasters.co.uk:8002/register/index

GET /register/index HTTP/1.1
Host: www.oakmasters.co.uk:8002
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.0.6) 
Gecko/20060728 Firefox/1.5.0.6
Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://www.oakmasters.co.uk:8002/home/index
Cookie: 
ad_session_id=156230003%2c0%20%7b370%201156450060%2010C28942203304E542A8A059A45E91F02F7CFCEE%7d

HTTP/1.x 302 Found
Location: https://www.oakmasters.co.uk:8445/register/index
Content-Type: text/html; charset=iso-8859-1
MIME-Version: 1.0
Date: Thu, 24 Aug 2006 19:47:57 GMT
Server: AOLserver/3.3.1+ad13
Content-Length: 339
Connection: close
----------------------------------------------------------
https://www.oakmasters.co.uk:8445/register/index

GET /register/index HTTP/1.1
Host: www.oakmasters.co.uk:8445
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.0.6) 
Gecko/20060728 Firefox/1.5.0.6
Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://www.oakmasters.co.uk:8002/home/index
Cookie: 
ad_session_id=156230003%2c0%20%7b370%201156450060%2010C28942203304E542A8A059A45E91F02F7CFCEE%7d

HTTP/1.x 200 OK
Content-Type: text/html; charset=iso-8859-1
MIME-Version: 1.0
Date: Thu, 24 Aug 2006 19:48:06 GMT
Server: AOLserver/3.3.1+ad13
Content-Length: 7332
Connection: keep-alive
----------------------------------------------------------
https://www.oakmasters.co.uk:8445/static/design.css

GET /static/design.css HTTP/1.1
Host: www.oakmasters.co.uk:8445
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.0.6) 
Gecko/20060728 Firefox/1.5.0.6
Accept: text/css,*/*;q=0.1
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: https://www.oakmasters.co.uk:8445/register/index
Cookie: 
ad_session_id=156230003%2c0%20%7b370%201156450060%2010C28942203304E542A8A059A45E91F02F7CFCEE%7d

HTTP/1.x 200 OK
Last-Modified: Tue, 06 Apr 2004 18:39:54 GMT
Content-Type: text/css; charset=iso-8859-1
MIME-Version: 1.0
Date: Thu, 24 Aug 2006 19:48:06 GMT
Server: AOLserver/3.3.1+ad13
Content-Length: 7717
Connection: keep-alive
----------------------------------------------------------
https://www.oakmasters.co.uk:8445/static/images/bg2.gif

GET /static/images/bg2.gif HTTP/1.1
Host: www.oakmasters.co.uk:8445
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.0.6) 
Gecko/20060728 Firefox/1.5.0.6
Accept: image/png,*/*;q=0.5
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: https://www.oakmasters.co.uk:8445/register/index
Cookie: 
ad_session_id=156230003%2c0%20%7b370%201156450060%2010C28942203304E542A8A059A45E91F02F7CFCEE%7d

HTTP/1.x 200 OK
Last-Modified: Tue, 23 Sep 2003 10:33:00 GMT
MIME-Version: 1.0
Date: Thu, 24 Aug 2006 19:48:07 GMT
Server: AOLserver/3.3.1+ad13
Content-Type: image/gif
Content-Length: 11473
Connection: keep-alive
----------------------------------------------------------
https://www.oakmasters.co.uk:8445/static/images/header_01.gif

GET /static/images/header_01.gif HTTP/1.1
Host: www.oakmasters.co.uk:8445
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.0.6) 
Gecko/20060728 Firefox/1.5.0.6
Accept: image/png,*/*;q=0.5
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: https://www.oakmasters.co.uk:8445/register/index
Cookie: 
ad_session_id=156230003%2c0%20%7b370%201156450060%2010C28942203304E542A8A059A45E91F02F7CFCEE%7d

HTTP/1.x 200 OK
Last-Modified: Tue, 23 Sep 2003 10:33:00 GMT
Content-Type: image/gif
MIME-Version: 1.0
Date: Thu, 24 Aug 2006 19:48:07 GMT
Server: AOLserver/3.3.1+ad13
Content-Length: 2027
Connection: keep-alive
----------------------------------------------------------
https://www.oakmasters.co.uk:8445/static/images/header_06.gif

GET /static/images/header_06.gif HTTP/1.1
Host: www.oakmasters.co.uk:8445
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.0.6) 
Gecko/20060728 Firefox/1.5.0.6
Accept: image/png,*/*;q=0.5
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: https://www.oakmasters.co.uk:8445/register/index
Cookie: 
ad_session_id=156230003%2c0%20%7b370%201156450060%2010C28942203304E542A8A059A45E91F02F7CFCEE%7d

HTTP/1.x 200 OK
Last-Modified: Tue, 23 Sep 2003 10:33:00 GMT
Content-Type: image/gif
MIME-Version: 1.0
Date: Thu, 24 Aug 2006 19:48:07 GMT
Server: AOLserver/3.3.1+ad13
Content-Length: 1729
Connection: keep-alive
----------------------------------------------------------
https://www.oakmasters.co.uk:8445/static/images/logo.gif

GET /static/images/logo.gif HTTP/1.1
Host: www.oakmasters.co.uk:8445
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.0.6) 
Gecko/20060728 Firefox/1.5.0.6
Accept: image/png,*/*;q=0.5
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: https://www.oakmasters.co.uk:8445/register/index
Cookie: 
ad_session_id=156230003%2c0%20%7b370%201156450060%2010C28942203304E542A8A059A45E91F02F7CFCEE%7d

HTTP/1.x 200 OK
Last-Modified: Tue, 23 Sep 2003 10:33:00 GMT
Content-Type: image/gif
MIME-Version: 1.0
Date: Thu, 24 Aug 2006 19:48:07 GMT
Server: AOLserver/3.3.1+ad13
Content-Length: 5658
Connection: keep-alive
----------------------------------------------------------
https://www.oakmasters.co.uk:8445/static/images/header_02.gif

GET /static/images/header_02.gif HTTP/1.1
Host: www.oakmasters.co.uk:8445
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.0.6) 
Gecko/20060728 Firefox/1.5.0.6
Accept: image/png,*/*;q=0.5
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: https://www.oakmasters.co.uk:8445/register/index
Cookie: 
ad_session_id=156230003%2c0%20%7b370%201156450060%2010C28942203304E542A8A059A45E91F02F7CFCEE%7d

HTTP/1.x 200 OK
Last-Modified: Tue, 23 Sep 2003 10:33:00 GMT
Content-Type: image/gif
MIME-Version: 1.0
Date: Thu, 24 Aug 2006 19:48:07 GMT
Server: AOLserver/3.3.1+ad13
Content-Length: 2001
Connection: keep-alive
----------------------------------------------------------
https://www.oakmasters.co.uk:8445/static/images/header_03.gif

GET /static/images/header_03.gif HTTP/1.1
Host: www.oakmasters.co.uk:8445
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.0.6) 
Gecko/20060728 Firefox/1.5.0.6
Accept: image/png,*/*;q=0.5
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: https://www.oakmasters.co.uk:8445/register/index
Cookie: 
ad_session_id=156230003%2c0%20%7b370%201156450060%2010C28942203304E542A8A059A45E91F02F7CFCEE%7d

HTTP/1.x 200 OK
Last-Modified: Tue, 23 Sep 2003 10:33:00 GMT
Content-Type: image/gif
MIME-Version: 1.0
Date: Thu, 24 Aug 2006 19:48:07 GMT
Server: AOLserver/3.3.1+ad13
Content-Length: 2530
Connection: keep-alive
----------------------------------------------------------
https://www.oakmasters.co.uk:8445/static/images/header_05.gif

GET /static/images/header_05.gif HTTP/1.1
Host: www.oakmasters.co.uk:8445
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.0.6) 
Gecko/20060728 Firefox/1.5.0.6
Accept: image/png,*/*;q=0.5
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: https://www.oakmasters.co.uk:8445/register/index
Cookie: 
ad_session_id=156230003%2c0%20%7b370%201156450060%2010C28942203304E542A8A059A45E91F02F7CFCEE%7d

HTTP/1.x 200 OK
Last-Modified: Tue, 23 Sep 2003 10:33:00 GMT
Content-Type: image/gif
MIME-Version: 1.0
Date: Thu, 24 Aug 2006 19:48:07 GMT
Server: AOLserver/3.3.1+ad13
Content-Length: 1732
Connection: keep-alive
----------------------------------------------------------
https://www.oakmasters.co.uk:8445/static/images/header_07.gif

GET /static/images/header_07.gif HTTP/1.1
Host: www.oakmasters.co.uk:8445
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.0.6) 
Gecko/20060728 Firefox/1.5.0.6
Accept: image/png,*/*;q=0.5
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: https://www.oakmasters.co.uk:8445/register/index
Cookie: 
ad_session_id=156230003%2c0%20%7b370%201156450060%2010C28942203304E542A8A059A45E91F02F7CFCEE%7d

HTTP/1.x 200 OK
Last-Modified: Tue, 23 Sep 2003 10:33:00 GMT
Content-Type: image/gif
MIME-Version: 1.0
Date: Thu, 24 Aug 2006 19:48:07 GMT
Server: AOLserver/3.3.1+ad13
Content-Length: 1928
Connection: keep-alive
----------------------------------------------------------
https://www.oakmasters.co.uk:8445/static/images/base.gif

GET /static/images/base.gif HTTP/1.1
Host: www.oakmasters.co.uk:8445
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.0.6) 
Gecko/20060728 Firefox/1.5.0.6
Accept: image/png,*/*;q=0.5
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: https://www.oakmasters.co.uk:8445/register/index
Cookie: 
ad_session_id=156230003%2c0%20%7b370%201156450060%2010C28942203304E542A8A059A45E91F02F7CFCEE%7d

HTTP/1.x 200 OK
Last-Modified: Tue, 23 Sep 2003 10:33:00 GMT
Content-Type: image/gif
MIME-Version: 1.0
Date: Thu, 24 Aug 2006 19:48:07 GMT
Server: AOLserver/3.3.1+ad13
Content-Length: 228
Connection: keep-alive
----------------------------------------------------------
https://www.oakmasters.co.uk:8445/static/images/headerback.gif

GET /static/images/headerback.gif HTTP/1.1
Host: www.oakmasters.co.uk:8445
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.0.6) 
Gecko/20060728 Firefox/1.5.0.6
Accept: image/png,*/*;q=0.5
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: https://www.oakmasters.co.uk:8445/register/index
Cookie: 
ad_session_id=156230003%2c0%20%7b370%201156450060%2010C28942203304E542A8A059A45E91F02F7CFCEE%7d

HTTP/1.x 200 OK
Last-Modified: Tue, 23 Sep 2003 10:33:00 GMT
Content-Type: image/gif
MIME-Version: 1.0
Date: Thu, 24 Aug 2006 19:48:07 GMT
Server: AOLserver/3.3.1+ad13
Content-Length: 321
Connection: keep-alive
----------------------------------------------------------
***END REQUEST TWO***

Regards
Richard


----- Original Message ----- 
From: "Robert Segall" <roseg(at)apsis.ch>
To: <pound(at)apsis.ch>
Sent: Thursday, August 24, 2006 5:32 PM
Subject: Re: [Pound Mailing List] URL Rewriting Issues with Pound Version 2 
and OpenACS

[...][...][...]

Re: [Pound Mailing List] URL Rewriting Issues with Pound Version 2 and OpenACS
"Richard Hamilton" <ricky.hamilton(at)btopenworld.com>
2006-08-24 22:47:54 [ FULL ]
Sorry - very important correction to last post!!

The example transaction below is NOT using nsunix - it is in fact bypassing 
all reverse proxying and issuing the request direct to port 8002. This is 
the http port for the backend.

So, when issuing the requests direct to the backend, the referrer header 
includes the port number. As shown by the headers, when requesting 
/register/index direct from the backend http port 8002, the redirect to 
https works just fine. However, once Pound is inserted it does not. The 
question is why?

In contrast, when using nsunix as a reverse proxy (where the redirect works 
fine), the port number is notably absent from the referrer header in the 
requests.

Could this fact be material?

Regards
Richard


----- Original Message ----- 
From: "Richard Hamilton" <ricky.hamilton(at)btopenworld.com>
To: <pound(at)apsis.ch>
Sent: Thursday, August 24, 2006 9:00 PM
Subject: Re: [Pound Mailing List] URL Rewriting Issues with Pound Version 2 
and OpenACS

[...][...]
>>> hi all,
>>>
>>> I have similar problems with pound 2.1 on FreeBSD 6.1 (64bit).
>>> I configured pound to listen on port 80 and the "backend" is on
port 
>>> 9080
>>> On every browser that I tested (IE6.x,Firefox,Opera,konqueror and
etc.)
>>> always the same problem - when I type the URL without a port e.g
>>> www.host.tld
>>> I'm redirected to http://www.host.tld:9080/
>>> I tried RewriteLocation 1 and then RewriteLocation 0 but nothing 
>>> changed.
>>> It seems like pound cannot work with backends on different ports.
>>>
>>> I'm currently using pound 1.9 and do not have such a problems, so
any 
>>> help
>>> is well come :)
>>>
>>> P.S. When pound listen on port 80 and backend is on port 80
everything
>>> is ok.[...][...]

Re: [Pound Mailing List] URL Rewriting Issues with Pound Version 2 and OpenACS
Jacques Caron <jc(at)oxado.com>
2006-08-24 23:28:54 [ FULL ]
Hi,

It seems the problem here is that pound leaves the 8008 port in the 
Host: header, which confuses the backend server (which has every 
right to be confused...). Don't quite know offhand if this should be 
rewritten to strip the port or change it to the backend port, though.

This scenario is different from having pound listen on :80 and hence 
receiving requests with the Host: header (generally) without the 
port. Could you try it in that situation? Unless of course your 
production scenario is indeed using "alternate ports", in which case 
there is indeed some breakage...

Jacques.

At 21:23 24/08/2006, Richard Hamilton wrote:[...]

Re: [Pound Mailing List] URL Rewriting Issues with Pound Version 2 and OpenACS
"Richard Hamilton" <ricky.hamilton(at)btopenworld.com>
2006-08-24 23:58:53 [ FULL ]
I suspect that this might work on port 80 as you suggest. I tested with port 
80 prior to the LocationRewrite parameter being added but I don't think I 
have tested like that since.

The only issue is that even if it does work in that mode, there is still a 
problem if you want to use something other than the default port.

Regards
Richard

----- Original Message ----- 
From: "Jacques Caron" <jc(at)oxado.com>
To: <pound(at)apsis.ch>
Cc: <pound(at)apsis.ch>
Sent: Thursday, August 24, 2006 10:28 PM
Subject: Re: [Pound Mailing List] URL Rewriting Issues with Pound Version 2 
and OpenACS

[...][...][...]

Re: [Pound Mailing List] URL Rewriting Issues with Pound Version 2 and OpenACS
"Richard Hamilton" <ricky.hamilton(at)btopenworld.com>
2006-08-25 01:17:22 [ FULL ]
Jacques,

Thank you for your comments. Having now tested this I can confirm that the 
redirect to https works just fine when Pound is running on the default port. 
This confirms that it is the inclusion of the port number that confuses the 
backend. So at least the issue is now properly characterised! (Sorry it took 
so long!).

The issue now seems to be that there is a very good reason for including the 
port number, and that is to make sure that connections made through the 
proxy, remain proxied and do not get handed off by accident direct to the 
backend server port.

There seems to be no obvious way to achieve the desired result on a 
non-default port (i.e. by cunning use of the URL or HEAD DENY directives) 
without ending up with Pound effectively doing the server's job by examining 
the request and issuing the redirect itself.

For my own purposes however, this as it stands works wonderfully well - just 
as I had hoped - as long as Pound is on the default port.

If anyone can think of a way around the non standard ports issues, I'd be 
grateful to hear the ideas.

Regards
Richard

----- Original Message ----- 
From: "Jacques Caron" <jc(at)oxado.com>
To: <pound(at)apsis.ch>
Cc: <pound(at)apsis.ch>
Sent: Thursday, August 24, 2006 10:28 PM
Subject: Re: [Pound Mailing List] URL Rewriting Issues with Pound Version 2 
and OpenACS

[...][...][...]

Re: [Pound Mailing List] URL Rewriting Issues with Pound Version 2 and OpenACS
Stefan Lambrev <stefan.lambrev(at)sun-fish.com>
2006-08-25 10:01:55 [ FULL ]
Hi all,

Robert Segall wrote:[...][...][...]
Sorry, I forgot to mention that I use Apache web servers 1.3.x for 
backends. :)
[...]

Re: [Pound Mailing List] URL Rewriting Issues with Pound Version 2 and OpenACS
Robert Segall <roseg(at)apsis.ch>
2006-08-25 18:38:42 [ FULL ]
On Fri, 2006-08-25 at 00:17 +0100, Richard Hamilton wrote:[...]

For the last time: the explicit port has nothing to do with Pound, or
anything else. The port is set by the browser itself, it appears in the
Host header AS SENT BY THE BROWSER and is just sent on to the back-end
as received. You'll have exactly the same situation if you just have
OpenACS listen on a non-standard port and the browser connecting it
directly.

The only thing I can imagine is that something in your application
checks on the port number (perhaps you have some sort of lame check for
HTTP/S in your code). If the port numbers for Host and the port OpenACS
listens on do not match your application may reject it. I suggest you
check carefully on this possibility.

The fact that a plain tcpwatch had the same problems as Pound shows that
the problem is not in the proxy but in the application code.[...]

Re: [Pound Mailing List] URL Rewriting Issues with Pound Version 2 and OpenACS
"Richard Hamilton" <ricky.hamilton(at)btopenworld.com>
2006-08-25 20:15:32 [ FULL ]
Robert,

Now that I fully understand the situation I do completely agree with 
everything that you have said. Sorry it took me so long to grasp it - 
learning as I go along!

Thank you for your patient help and guidance.

I shall now document what I have learned on the OpenACS site and will 
discuss the redirect issue with a view to improving the code so that OpenACS 
can still issue a redirect even when an http port is specified.You are quite 
correct in what you say.

Thank you for a fantastic reverse proxy - works really well!

Regards
Richard

----- Original Message ----- 
From: "Robert Segall" <roseg(at)apsis.ch>
To: <pound(at)apsis.ch>
Sent: Friday, August 25, 2006 5:38 PM
Subject: Re: [Pound Mailing List] URL Rewriting Issues with Pound Version 2 
and OpenACS

[...][...][...]

Re: [Pound Mailing List] Verisign Still Problematic with Pound?
"Mathew Brown" <mathewbrown(at)fastmail.fm>
2006-08-27 12:43:47 [ FULL ]
Hi,
  Sorry I haven't replied earlier.  I've been preoccupied with other
  work lately but I'm now trying to test Verisign again.  I registered
  for a free (14 day) trial period and provided them with the CSR
  (openssl req -new -nodes -keyout yourname.key -out yourname.csr).  I
  then continued the process and they sent me a test root CA that I'm
  supposed to import into my browser is an authority.  I did this. 
  However, they didn't send me a .crt file.  Is this normal?  Don't I
  need a .crt file?  Thank you for your help. 

On Thu, 10 Aug 2006 11:26:06 +0200, "Ondra Kudlik" <kepi(at)orthank.net>
said:[...][...]

MailBoxer