|
/
Zope
/
Apsis
/
Pound Mailing List
/
Archive
/
2007
/
2007-03
/
HeadRequire check http and https?
[
Dynamic rescaling calculations / Albert ... ]
[
Gathering response time information; / "Adam ... ]
HeadRequire check http and https?
michael.ringler(at)itecplus.de |
2007-03-19 16:41:28 |
[ FULL ]
|
Hello,
I would like to check the incoming URL if http or https.
I tried the HeadRequire-Option in the Service-Section but it seems that
only the domain without http|https is checked.
The URL-Options checks only the text after the domain so it does not work
too.
How can I do this? Perhaps with an another option and not with
HeadRequire?
Example: (with my own syntax, which does not work but I wish it would)
...
Service
HeadRequire "^http://.*"
Backend
Address 1.2.3.4
Port 80
End
End
Service
HeadRequire "^https://.*"
Backend
Address 5.6.7.8
Port 80
End
End
...
Thanks
Michael Ringler
|
|
|
|
|
Re: [Pound Mailing List] HeadRequire check http and https?
Albert <pound(at)alacra.com> |
2007-03-19 16:59:51 |
[ FULL ]
|
michael.ringler(at)itecplus.de wrote:[...]
You should be able to distinguish between http and https in you
ListentHTTP and ListenHTTPS directives. You can put a service in each
one to separate requests for http/https traffic to go to different
backends. You can also put a directive like with AddHeader into either
ListenHTTP or ListenHTTPS so you can distinguish the http vs https on
your backend (for example, you can put 'AddHeader "Front-End-Https: on"
' in your ListenHTTPS and then check for Fron-End-Https header on your
backends)
|
|
|
|
|
Re: [Pound Mailing List] HeadRequire check http and https?
John Moore <john(at)jmsd.co.uk> |
2007-03-19 17:02:12 |
[ FULL ]
|
michael.ringler(at)itecplus.de wrote:[...]
The http/https bits are the protocol in the URL, and are not headers as
such. I haven't checked this out, but it may well be that matching on
the URL would work. If not, what should work is using HeadRequire to
test for one of the headers that Pound adds when it decrypts an SSL
connection (they begin X-SSL, check the docs).
John[...]
[...]
|
|
|
RE: [Pound Mailing List] HeadRequire check http and https?
"John Snowdon" <j.p.snowdon(at)newcastle.ac.uk> |
2007-03-19 17:03:49 |
[ FULL ]
|
Michael, you need to use two listeners, a http listener on port 80 and a
https listener on port 443 - then you won't need any headrequire
directives to match the host protocol.
Something like....
ListenHTTP
Address 1.1.1.1
Port 80
Service
Headrequire "Host:.*.*"
Backend
address backend1.com
port 81
End
End
End
ListenHTTPS
Address 1.1.1.1
Port 443
Cert "my_cert_chain.pem"
Service
Headrequire "Host:.*.*"
Backend
address backend2.com
port 81
End
End
End
Any traffic going to http://1.1.1.1 will be sent
to backend1.com:81 in
the clear and any traffic going to https://1.1.1.1 will be handled and
then passed in clear to backend2.com:81
BTW, this is version >2.0 syntax.
Hope that helps.
John Snowdon - IT Support Specialist
-==========================================-
School of Medical Education Development
Faculty of Medical Sciences Computing
University of Newcastle
Email : j.p.snowdon(at)ncl.ac.uk
[...]
|
|
|
Antwort: RE: [Pound Mailing List] HeadRequire check http and https?
michael.ringler(at)itecplus.de |
2007-03-20 08:26:48 |
[ FULL ]
|
Thanks for the answers. My example works now. The first step is complete.
Now I would like to achive this:
A user called a website with http://www.abc.de
and should automatically
redirected to https://www.abc.de and the
further connection is also via
https.
Is the Backend-Website a static site with .html, it works. Is the
Backend-Website a dynamic site with .php, stylesheets and more it works
not. It will result in a loop and the site never come.
I configured this:
...
ListenHTTP
Address 1.1.1.1
Port 80
Service
HeadRequire "Host: *.www.abc.de.*"
Redirect "https://www.abc.de"
End
End
ListenHTTPS
Address 1.1.1.1
Port 443
Cert "cert.pem"
Service
HeadRequire "Host: .*www.abc.de.*"
Backend
Address 2.2.2.2
Port 80
End
End
End
Michael
|
|
|
|
|
|
