RE: [Pound Mailing List] RewriteLocation
RE: [Pound Mailing List] RewriteLocation
Robert Segall <roseg(at)apsis.ch> |
2007-01-02 11:39:45 |
|
On Fri, 2006-12-29 at 10:23 -0500, Joe Gooch wrote:[...]
Fair enough - I'll put it in. I hope this doesn't break anything.[...]
|
|
|
RE: [Pound Mailing List] RewriteLocation
"Joe Gooch" <mrwizard(at)k12system.com> |
2007-01-02 16:53:36 |
|
I'm pretty sure it won't break anything. It's been running on my test
site for the last couple days with no problems. I'll be moving it to
production in about a week. If you're nervous and want to wait I can
give you some feedback in about 2 weeks.
I have some other changes that I've implemented on my copy, but they're
more radical changes. I'll wait for the 2.3 branch to introduce them.
Short rundown:
- Implement ServiceName's (I have 11 services, really helps with
poundctl)
- ControlUser, ControlGroup, ControlMode directives for determining
ownership and file mode of the control socket
- Perl bindings for poundctl
- A perl web CGI for managing/viewing pound sessions and status a la
poundctl
- Ability to support Coldfusion authentication information for logs
- Ability to track the last url and username seen in a given session
- New loglevels that include the backend and/or the servicename in the
logfile
- Ability to write log messages to a file instead of a syslog (which
breaks your "Pound should never write to the filesystem after starting"
rule, so may never be integrated, but for testing, it's nice to add
Logfile stdout to the config)
Joseph Gooch
Sapphire Suite Product Manager
K12 Systems, Inc.
(866) 366-9540
|
|
|
RE: [Pound Mailing List] RewriteLocation
Robert Segall <roseg(at)apsis.ch> |
2007-01-02 18:32:29 |
|
On Tue, 2007-01-02 at 10:53 -0500, Joe Gooch wrote:[...]
It will be in 2.2.1.
[...]
Planned.
[...]
We'll look at those.
[...]
Great. Some volunteers for Python?
[...]
Great. I was hoping someone would come up with such extensions.
Additional stuff (gnome/KDE UI especially) would be great.
[...]
What is different in Coldfusion? The "regular" user is logged.
[...]
Listener and Back-end are logged in LogLevel 2.
[...]
Configure with --disable-log and you'll get all the log messages to
stdout/stderr.[...]
|
|
|
RE: [Pound Mailing List] RewriteLocation
"Joe Gooch" <mrwizard(at)k12system.com> |
2007-01-02 20:41:47 |
|
If when you get to that point, you'd like patches, let me know. I have
a local subversion repository from which I can do patches against a
vendor tag. I already have these items implemented. I'm glad we're
thinking alike. :)
[...]
It wouldn't be a problem if I were using Basic auth with my Coldfusion
apps. However, I'm using Coldfusion's <cflogin> facility, which does a
similar thing (base64 encoding) in a cookie based on application name.
For instance, it'll use CFAUTHORIZATION_APPNAME as the cookie, in which
it will have the user name and password base64 encoded. I have the
config file set to receive AuthTypes... of which they can be AUTH_NONE,
AUTH_BASIC, AUTH_CFAUTH. If it's CF Auth, it needs the application
name. parse_config pulls the app name and puts it in the service as a
user_pat regex, which is then checked against headers. (So, auth_basic
is just a different header regex)
One thing I've also been thinking is since I know I do a lot of things
that aren't really standard, it might be nice to have the ability to
have hooks in several key locations, and have a published plugin API.
(for instance, a config-global hook, that allows running a plugin
function to add your own regex checks in the config file, or a
http_after_headers_before_proxy hook, or a different hook to allow
different backend types, etc.) Some of it would be easy as function
hooks, other things would require changes to pound.h which affects
everything, so only some changes would be possible. But it'd be
something.
[...]
starting"[...]
I like syslog. I want to use syslog. But I test my changes on the same
server as my production data, and I don't want the messages to mix. So
I made it a config directive. There is an advantage to being able to
use the same binary to test, without messages going to syslog, and then
running a different config for production that does go to syslog. Then
I'm sure I'm using the tested binary in my production environment.
Also for awhile, I was writing the logs out as access_log and error_log
for easy webalizing. Since then I've moved to a syslog-ng stanza that
strips out the timestamps and a perl script that splits the logs into
servicename and backend specific log files.
Joseph Gooch
K12 Systems, Inc.
|
|
|
RE: [Pound Mailing List] RewriteLocation
Robert Segall <roseg(at)apsis.ch> |
2007-01-03 18:20:38 |
|
On Tue, 2007-01-02 at 14:41 -0500, Joe Gooch wrote:[...]
I certainly would be interested in your patches, and probably a few
other people as well. Would you like us to link to them on the Pound
page or would you rather post them here?
Cold Fusion authentication: I feel this is a bit too non-standard, so
I'd rather leave it as an external patch.
Logging: how about we use a null facility for stdout/stderr instead of a
compile-time switch?[...]
|
|
|
Re: [Pound Mailing List] RewriteLocation
Dave Steinberg <dave(at)redterror.net> |
2007-01-03 18:39:25 |
|
> Logging: how about we use a null facility for stdout/stderr instead of
a[...]
+1 on this idea - this lets the default policy be super-secure, but the
admin can aim the shotgun at his foot if he's confident he'll miss. :)
[...]
|
|
|
RE: [Pound Mailing List]
"Sayers, Dominic" <Dominic.Sayers(at)dkib.com> |
2007-01-04 16:08:48 |
|
I just thought I'd mention that this problem seems to have gone away
since I installed Pound 2.2. However, I've also updated several other
components in the meantime (e.g. regular Ubuntu updates, Vmware updates
etc.) so not sure what the fix was. Time is too short for a root cause
analysis...
Very happy with pound now :-)
-----Original Message-----
From: F.Alcala-Soler(at)iaea.org [mailto:F.Alcala-Soler(at)iaea.org]
Sent: 08 November 2006 12:27
To: pound(at)apsis.ch
Subject: RE: [Pound Mailing List]
Hi Dominic,
[...]
[...]
I have a similar setup. The difference is that I have Pound installed
inside a VM instead of on the host itself and that I use NAT'ing instead
of bridging.
[...]
I can't see any reason why it shouldn't work. It must be a configuration
issue. Either in Pound or in VMware networking. Just bear in mind that
some Pound features will not work under certain configurations. For
instance, HAPort checks perform a TCP handshake to know if your back-end
is alive and the virtual VMware router for a NAT'ed VM, not being a real
router, will actually perform the full handshake before relaying it to
the back-end, which may or not be available.
[...]
[...]
Without having more details, it is difficult to tell what might be
wrong. Because you mention that some back-ends are not being contacted
and that your Pound server is listening on both internal and external
NICs, make sure that the internal NICs it is listening on are not the
ones of the back-ends.
Regards,
Curro
--
To unsubscribe send an email with subject 'unsubscribe' to
pound(at)apsis.ch.
Please contact roseg(at)apsis.ch for questions.
http://www.apsis.ch/pound/pound_list/archive/2006/2006-11/1162481668000/
1162988830000
|
|
|
RE: [Pound Mailing List] RewriteLocation
"Joe Gooch" <mrwizard(at)k12system.com> |
2007-01-04 17:52:26 |
|
That's a nice idea.
Give me a couple days and I'll split out my branch into patch sets and
throw up a site.
Joseph Gooch
K12 Systems, Inc.
|
|
|
Re: [Pound Mailing List] The PEM file
"ForAll.pl - Firma" <firma(at)forall.pl> |
2007-01-05 01:59:36 |
|
Gray, Tom A [EQ] wrote:[...]
pem must include your certificate data, not library headers of openssl.
|
|
|
Re: [Pound Mailing List] The PEM file
Dave Steinberg <dave(at)redterror.net> |
2007-01-05 02:07:31 |
|
> Cert "/tools/openssl-0.9.8d/crypto/pem/pem.h"
I doubt a file included with the openssl distribution is actually your
certificate in PEM format.
You need to take your private key, cert, and any intermediate certs and
put them in one file to make a PEM format cert. Google can provide the
remaining details.
Regards,[...]
|
|
|
RE: [Pound Mailing List] The PEM file
"Gray, Tom A [EQ]" <Tom.Gray(at)embarq.com> |
2007-01-05 02:32:12 |
|
Unfortunately, I have no idea what that means!
|
|
|
Re: [Pound Mailing List] The PEM file
"ForAll.pl - Firma" <firma(at)forall.pl> |
2007-01-05 02:57:04 |
|
Gray, Tom A [EQ] wrote:[...][...][...]
You should create new file, which will contain your private key used for
certificate, and this certificate.
Something like this:
sample filename: /usr/local/pound/etc/pound.pem
content:
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,9B26C4F7A68
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
|
|
|
RE: [Pound Mailing List] SSL advice please?
"Michael St. Laurent" <mikes(at)hartwellcorp.com> |
2007-01-09 17:50:44 |
|
Never mind, I figured that part out. ;)
Now I'm having trouble figuring out how to install the intermediate
certificate from GoDaddy. I've got the sf_issuing.crt file but I'm not
sure what to do with it so that Pound is aware of it.
-----Original Message-----
From: Michael St. Laurent [mailto:mikes(at)hartwellcorp.com]
Sent: Tuesday, January 09, 2007 8:22 AM
To: pound(at)apsis.ch
Subject: [Pound Mailing List] SSL advice please?
Hi folks,
I could use a little advice with OpenSSL. When I generated the cert
request I didn't know any better and put a pass-phrase on the key.
Obviously it's much more convenient for Pound if the key is not
encrypted. Can anyone advise me on what commands to use to rewrite the
key file in an unencrypted format?
[...]
|
|
|
Re: [Pound Mailing List] SSL advice please?
Dave Steinberg <dave(at)redterror.net> |
2007-01-09 18:15:12 |
|
> Now I'm having trouble figuring out how to install the intermediate[...]
To make pem format certs, stir in:
- 1 RSA private key
- 1 SSL certificate
- Intermediate certificates to taste
Just put them all in the pem file.
Order can be relevant, I think the intermediate certs have to go first,
but then again, I never remember. Try it, and if you get a warning,
reverse it and try again. :)
[...]
|
|
|
RE: [Pound Mailing List] SSL advice please?
"Michael St. Laurent" <mikes(at)hartwellcorp.com> |
2007-01-09 19:17:57 |
|
I tried Key/My Cert/Int Cert and Int Cert/Key/My Cert but neither seemed
to work. Below are the /var/log/messages entries from pound:
Jan 9 10:12:04 guardian pound: starting...
Jan 9 10:12:07 guardian pound: SSL_CTX_use_PrivateKey_file
"/usr/share/ssl/certs/pound-new.pem" failed - aborted
Jan 9 10:12:07 guardian pound: checking pound config file
/etc/pound/pound.cfg failed
The file listed (/usr/share/ssl/certs/pound-new.pem) is the one I'm
working with and the file perms are:
-rw-r--r-- 1 root root 3964 Jan 9 10:11 pound-new.pem
An openssl x509 -in pound-new.pem -noout -text command seems to return
valid and relevant information.
|
|
|
Re: [Pound Mailing List] memory leak
SF Markus Elfring <elfring(at)users.sourceforge.net> |
2007-01-09 20:38:46 |
|
Re: [Pound Mailing List] SSL advice please?
Kenneth Burgener <kenneth(at)mail1.ttak.org> |
2007-01-10 20:18:56 |
|
We were successfully able to get our GoDaddy certificate to work by
using the following order:
Key / Int. Cert / My Cert
If we tried "Key / My Cert / Int. Cert" we were unable to get pound to
start.
|
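A pre-flight check for the combined PEM file discussed in the two threads above, as an added example that is not part of any post or of Pound itself: it reports the block order so it can be compared with an order known to work, and flags a missing key or certificate (the `pem.h` case), a passphrase-protected key, and a key file readable beyond its owner. The finding names and the sample blocks are constructed for illustration.

```python
import os
import re
import stat

# One PEM block: BEGIN line, optional RFC 1421 headers plus base64, matching END line.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)


def pem_blocks(text):
    """Return [(label, is_encrypted)] for every PEM block, in file order."""
    blocks = []
    for match in PEM_BLOCK.finditer(text):
        label, body = match.group(1), match.group(2)
        # Legacy keys carry a Proc-Type header; PKCS#8 uses a distinct label.
        encrypted = (label == "ENCRYPTED PRIVATE KEY"
                     or "Proc-Type: 4,ENCRYPTED" in body)
        blocks.append((label, encrypted))
    return blocks


def layout(text):
    """Block order as one string, e.g. 'RSA PRIVATE KEY / CERTIFICATE'."""
    return " / ".join(label for label, _ in pem_blocks(text))


def lint_bundle(text, mode=None):
    """Return finding codes for a combined key+certificate PEM file.

    mode is the file's permission bits (as from os.stat); None skips that check.
    """
    findings = []
    blocks = pem_blocks(text)
    keys = [b for b in blocks if b[0].endswith("PRIVATE KEY")]
    certs = [b for b in blocks if b[0] == "CERTIFICATE"]
    if not keys:
        findings.append("no-private-key")
    if len(keys) > 1:
        findings.append("multiple-private-keys")
    if any(encrypted for _, encrypted in keys):
        findings.append("encrypted-private-key")
    if not certs:
        findings.append("no-certificate")
    # A file holding a private key should not be readable by group or others.
    if keys and mode is not None and mode & 0o077:
        findings.append("key-readable-by-group-or-others")
    return findings


def lint_file(path):
    """Lint a bundle on disk, including its permission bits."""
    with open(path, encoding="ascii", errors="replace") as handle:
        text = handle.read()
    return lint_bundle(text, stat.S_IMODE(os.stat(path).st_mode))


# Constructed samples: the base64 bodies are placeholders, not real key material.
ENCRYPTED_KEY = (
    "-----BEGIN RSA PRIVATE KEY-----\n"
    "Proc-Type: 4,ENCRYPTED\n"
    "DEK-Info: DES-EDE3-CBC,0000000000000000\n"
    "\n"
    "QUFBQQ==\n"
    "-----END RSA PRIVATE KEY-----\n")
PLAIN_KEY = "-----BEGIN RSA PRIVATE KEY-----\nQUFBQQ==\n-----END RSA PRIVATE KEY-----\n"
CERT = "-----BEGIN CERTIFICATE-----\nQUFBQQ==\n-----END CERTIFICATE-----\n"
HEADER_FILE = "#ifndef HEADER_PEM_H\n#define HEADER_PEM_H\n#endif\n"  # not a PEM at all

if __name__ == "__main__":
    for name, text, mode in [("key+int+cert", PLAIN_KEY + CERT + CERT, 0o600),
                             ("encrypted, 0644", ENCRYPTED_KEY + CERT, 0o644),
                             ("C header", HEADER_FILE, 0o644)]:
        print(name, "|", layout(text) or "(no PEM blocks)", "|", lint_bundle(text, mode))
```

`openssl x509 -in file -noout -text` only parses the first certificate block it finds, so a clean result from that command says nothing about the private key block in the same file.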
|
|
RE: [Pound Mailing List] https redirection
"Carl Sajjan" <Carl.Sajjan(at)Cybertech.com> |
2007-01-11 22:09:11 |
|
I tried URL redirect, but some webservices which I host fail for some
reason. The ideal option would be reverse proxying.
Can some one please tell me how to redirect
Client ---- https ---> Pound --- https ---->Backend(SunOneAppserver)
Is it possible? Or am I looking for something impossible?
Thanks in advance
Regards
Carl
-----Original Message-----
From: Carl Sajjan [mailto:Carl.Sajjan(at)Cybertech.com]
Sent: Thursday, January 11, 2007 7:37 PM
To: pound(at)apsis.ch
Subject: [Pound Mailing List] https redirection
Hello,
I am having two sites www1.example.com and www2.example.com ...
What I am trying to do is to have a setup when www1 goes down, transfer
all traffic to www2 and vice-versa
I use Pound 2.2 and I am able to redirect http
successfully, but when I redirect HTTPS it just encrypts partially i.e.
the link is alone https while the links inside the page are still under
http.
How can I make the page fully SSL encrypted? I looked in the
documentation but out of luck still... Can someone point me in the right
direction?
My https part of the pound.cfg looks like this
------------------------------------------------------------------------
ListenHTTPS
    Address 172.16.1.241
    Port 443
    Cert "/usr/local/ssl/bin/test.pem"
    Service
        Backend
            Address 12.12.12.12
            Port 80
        End
    End
End
------------------------------------------------------------------------
Thanks in advance
Regards
Carl
[...]
|
|
|
Re: [Pound Mailing List] https redirection
Kenneth Burgener <kenneth(at)mail1.ttak.org> |
2007-01-11 22:24:08 |
|
Carl Sajjan wrote:[...]
If your URL shows HTTPS but your links in your page are showing HTTP,
then most likely the links in your page are hard coded with HTTP,
instead of using relative links. The conversion is done by your
browser, not by pound.
For example if you are visiting https://mydomain.com and have the
following code:
<a href="http://mydomain.com/page1.html">Page1</a>
The link will appear, and go to, http://mydomain.com/page1.html. If you
use the following code:
<a href="/page1.html">Page1</a>
The link will appear, and go to, httpS://mydomain.com/page1.html.
|
|
|
Re: [Pound Mailing List] https redirection
Kenneth Burgener <kenneth(at)mail1.ttak.org> |
2007-01-11 22:35:20 |
|
Carl Sajjan wrote:[...]
You want your HTTP traffic to be wrapped by SSL coming to pound, and
then you want it wrapped again going from pound to the backend server?
Is your backend server only capable of listening for SSL wrapped HTTP
traffic, or can you have pound just communicate with just HTTP traffic,
so like this:
Client ---- https ---> Pound --- http ---->Backend(SunOneAppserver)
|
|
|
Re: [Pound Mailing List] https redirection
Kenneth Burgener <kenneth(at)mail1.ttak.org> |
2007-01-11 22:39:57 |
|
Kenneth Burgener wrote:[...][...][...]
By the way, just in case you were asking about the first scenario, this
is from the Pound man page:
"The connection between Pound and the back-ends is always via HTTP,
regardless of the actual protocol used between Pound and the client."
|
|
|
RE: [Pound Mailing List] https redirection
"Carl Sajjan" <Carl.Sajjan(at)Cybertech.com> |
2007-01-11 22:49:32 |
|
Kenneth,
My links in code looks like
<a href="/page1.html">Page1</a>
Except for the disclaimer and a few things which I
really don't want to be encrypted.
Thanks
Carl.
|
|
|
RE: [Pound Mailing List] https redirection
"Carl Sajjan" <Carl.Sajjan(at)Cybertech.com> |
2007-01-11 22:55:44 |
|
Ok. Since I am serving the same content by Http and Https, I really
wouldn't mind the pound ---> backend part (80/443) since all the servers
are in my private network.
Thanks
Carl
|
|
|
RE: [Pound Mailing List] https redirection
"Carl Sajjan" <Carl.Sajjan(at)Cybertech.com> |
2007-01-11 23:38:37 |
|
Kenneth,
Sorry you are right. I now found the culprit.
I found this in the second line of code.
<base href = http:// >
This is the thing which makes the page http right?
Thank You for your help,
-Carl
|
|
|
Re: [Pound Mailing List] https redirection
Kenneth Burgener <kenneth(at)mail1.ttak.org> |
2007-01-12 00:05:48 |
|
Carl Sajjan wrote:[...]
Hmm. This sounds similar to the problem we had with Jira. Jira is a
bug tracking application that sits on Tomcat, and would experience the
same problem as you are describing.
I am curious... View the source of the rendered page from your browser
and see if the
<a href="page1.html">Page1</a>
was converted to a full url http://domain/ by the application or
application server:
<a href="http://domain/page1.html">Page1</a>
If your application, or SunOneAppserver, worked the same way as Jira, or
Tomcat, you may be experiencing the same problem as I did.
I found a few other references to this same problem:
http://www.apsis.ch/pound/pound_list/archive/2006/2006-09/1158702432000
Unfortunately we gave up on having Pound in front of Jira and gave
direct web access directly to Jira/Tomcat to do its own SSL work. I
would still be interested in figuring out the solution though.
Kenneth
|
|
|
Re: [Pound Mailing List] https redirection
Kenneth Burgener <kenneth(at)mail1.ttak.org> |
2007-01-12 00:44:13 |
|
Carl Sajjan wrote:[...]
That would probably do it.
|
|
|
RE: [Pound Mailing List] https redirection
"Carl Sajjan" <Carl.Sajjan(at)Cybertech.com> |
2007-01-12 17:47:41 |
|
Kenneth,
This might be a little off topic, but might help some
like me.
Is there a way to overcome this situation and make https
redirection work?
Thanks a lot
Carl
|
|
|
Re: [Pound Mailing List] https redirection
Kenneth Burgener <kenneth(at)mail1.ttak.org> |
2007-01-12 18:09:03 |
|
Carl Sajjan wrote:[...][...][...]
Did you try changing the base href to be https://? Did that not fix the
problem?
"The base href tag is one of several tags in html that aid in reducing
the amount of repetitive text in your document. By declaring a base href
you are in affect telling the browser that all relative links contained
within the document start from that specified base location."
http://www.codeave.com/html/code.asp?u_log=5028
|
|
|
RE: [Pound Mailing List] https redirection
"Carl Sajjan" <Carl.Sajjan(at)Cybertech.com> |
2007-01-12 18:18:35 |
|
Kenneth,
The thing is
when I listen on 443 the <base href = https://>
80 the <base href = http://>
Since pound listens only on http, this happens. Is there a way
I can change this to some dynamic sort of thing/ change when the request
comes?
Doesn't look logical but someone might have some solutions/workaround?
Thanks a lot!
Regards
Carl
|
|
|
Re: [Pound Mailing List] memory leak
"Matt Murphy" <mmmurf(at)gmail.com> |
2007-01-12 19:37:55 |
|
I've had Pound running for a few months (2.1.3). It works wonderfully but
oddly it seems to crash mysteriously about once per week. Load is quite
moderate with Pound being used mostly to increase reliability. I just
upgraded to the latest (2.2.1) and will see if the problem persists. I have
read a few comments on this list about the need to periodically restart
Pound.
I would like to help debug this issue in any way I can. It's not my area
of expertise but if someone could specify a way to modify the way my
production environment uses Pound so that it captures useful debugging info,
I'd be happy to set this up. I'm running linux 2.6.
-matt
On 1/7/07, jerome.doucerain(at)bell.ca <jerome.doucerain(at)bell.ca>
wrote:[...]
|
|
|
|
|
Re: [Pound Mailing List] https redirection
Kenneth Burgener <kenneth(at)mail1.ttak.org> |
2007-01-15 05:41:22 |
|
Carl Sajjan wrote:[...]
Pound does not listen only on HTTP, it can listen on HTTP and HTTPS, but
outgoing traffic is only HTTP.
If your entire application used relative URLs you could access the site
both via http:// and https://. Your browser would make the adjustments.
It is when you have hardcoded URLs or things like "base href" that
cause problems.
I think you have two options, if you want it to work in both scenarios.
You can either change the application so that it uses ONLY relative
URLs, or you could find a proxy application that will rewrite URLs for
you. The easier choice will be the first.
|
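The link behaviour worked out in this thread, as an added example that is not part of any post: it resolves each URL attribute of a page fetched over https the way a browser does, honouring the first `<base href>`, and lists every link that lands on plain http. The page URL and the full `<base href>` value are constructed, modelled on the snippets quoted above.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Attributes whose value is a URL the browser will fetch or navigate to.
URL_ATTRS = {"href", "src", "action"}


class LinkAudit(HTMLParser):
    """Resolve every URL attribute against the effective base URL and
    record those that end up on plain http."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.base = page_url      # until a <base href> overrides it
        self.base_seen = False
        self.downgrades = []      # (tag, raw attribute value, resolved URL)

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name not in URL_ATTRS or not value:
                continue
            if tag == "base" and name == "href":
                if self.base_seen:
                    continue      # only the first <base href> counts
                self.base_seen = True
                self.base = urljoin(self.page_url, value)
                resolved = self.base
            else:
                resolved = urljoin(self.base, value)
            if urlsplit(resolved).scheme == "http":
                self.downgrades.append((tag, value, resolved))


def audit(html, page_url):
    """Return the list of (tag, raw value, resolved URL) that leave https."""
    parser = LinkAudit(page_url)
    parser.feed(html)
    parser.close()
    return parser.downgrades


# Constructed pages modelled on the snippets quoted in the thread.
PAGE = "https://mydomain.com/"
RELATIVE = '<a href="/page1.html">Page1</a>'
HARDCODED = '<a href="http://mydomain.com/page1.html">Page1</a>'
WITH_BASE = '<base href="http://mydomain.com/">' + RELATIVE

if __name__ == "__main__":
    for label, html in [("relative", RELATIVE),
                        ("hardcoded", HARDCODED),
                        ("base href", WITH_BASE)]:
        print(label, audit(html, PAGE))
```

Run against the HTML the back-end actually returns through the proxy, this shows whether a single `<base href>` is responsible for every downgraded link or whether individual URLs are hardcoded.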
|
|
Re: [Pound Mailing List] My Pound Patches
Albert <pound(at)alacra.com> |
2007-01-25 21:28:31 |
|
Joe,
great stuff. I vote for "Stats & Log" patch to be made part of the
regular pound code (since I have a similar patch with LogLevel). I
noticed that you don't have LogLevel 5 & 6 for Redirects.
Albert
Joe Gooch wrote:[...][...]
>>> If when you get to that point, you'd like patches, let me know. I
>>> [...]
>>> a local subversion repository from which I can do patches against a
>>> vendor tag. I already have these items implemented. I'm glad we're
>>> thinking alike. :)
>>> [...][...][...][...][...][...]
|
|
|
|
|
RE: [Pound Mailing List] My Pound Patches
"Joe Gooch" <mrwizard(at)k12system.com> |
2007-01-26 00:47:11 |
|
Good catch! It's one of the newer features that I just don't use. (I
do my SSL redirects on the backend) It doesn't help that I've rolled
that forward since pound 1.6 either.
I've updated the patch with redirect logger lines, so snag a new copy if
you'd like!
Thanks.
Joseph Gooch
Sapphire Suite Product Manager
K12 Systems, Inc.
(866) 366-9540
|
|
|
|