/ Zope / Apsis / Pound Mailing List / Archive / 2007 / 2007-03 / Antwort: Re: [Pound Mailing List] HTTP-HTTPS-Rewrite

[ << ] [ >> ]

[ HTTP-HTTPS-Rewrite / michael.ringler(at)itecplus.d... ] [ Backend status from Pound / Audun Ytterdal ... ]

Antwort: Re: [Pound Mailing List] HTTP-HTTPS-Rewrite
michael.ringler(at)itecplus.de		 2007-03-22 10:11:54 [ FULL ] 
Thanks for the answer. But we have a Novell-Ichain-Proxy with 
automatically HTTP-HTTPS-Rewrite.
It's the same backend and with Ichain it works. I dont know how Ichain it 
make.
The problem occures when the backend is a dynamic site.

I hope you/we find a solution.


Thanks
Michael
Attachments:  
text.html text/html 561 Bytes
Re: Antwort: Re: [Pound Mailing List] HTTP-HTTPS-Rewrite
Stefan Lambrev <stefan.lambrev(at)sun-fish.com>		 2007-03-22 10:47:23 [ FULL ] 
Hi,

michael.ringler(at)itecplus.de wrote:[...]
Because it use rewrite and not redirect feature, which is very very 
different.
Pound rewrite HTTP to HTTPS in response url, but if your "dynamic" part 
returns:
http://site.com/something.pl .. I do
not see how pound can handle this.
And it's absolutely normal that this redirect makes loop.

The main difference is that Novell-Ichain-Proxy support rewrite (Secure 
Exchange?), and pound does not have such features.
That's why I told you if you need rewrite to do it on the back-end, it's 
not big pain in most cases :)

You also can play little with (from man pound):

       RewriteLocation 0|1|2
              If  1  force Pound to change the Location: and 
Content-location:
              headers in responses. If they point to the back-end itself 
or to
              the  listener (but with the wrong protocol) the response 
will be
              changed to show the virtual host  in  the  request.  
Default:  1
              (active).  If the value is set to 2 only the back-end 
address is
              compared; this is useful for redirecting a request to  an  
HTTPS
              listener on the same server as the HTTP listener.

       RewriteDestination 0|1
              If  1 force Pound to change the Destination: header in 
requests.
              The header is changed to point to the back-end itself  
with  the
              correct protocol. Default: 0.

and tell us if this works for you.
[...]
Antwort: Re: Antwort: Re: [Pound Mailing List] HTTP-HTTPS-Rewrite
michael.ringler(at)itecplus.de		 2007-03-22 11:25:44 [ FULL ] 
I thought it works because the following text in the manual:

..
Redirect "http://abc.example
and the client requested http://xyz/a/b/c then
will be redirected to 
http://abc.example/a/b/c
..

so I thought further that a request http://www.abc.de/pages/site.php 
redirected to https://www.abc.de/pages/site.php
and then it will be 
forwarded
from the ListenHTTPS-Section in the pound.cfg.

I will try your suggestion and will tell you the result.

Thanks
Michael


Hi,

michael.ringler(at)itecplus.de wrote:[...]
it [...]
Because it use rewrite and not redirect feature, which is very very 
different.
Pound rewrite HTTP to HTTPS in response url, but if your "dynamic" part 
returns:
http://site.com/something.pl .. I do
not see how pound can handle this.
And it's absolutely normal that this redirect makes loop.

The main difference is that Novell-Ichain-Proxy support rewrite (Secure 
Exchange?), and pound does not have such features.
That's why I told you if you need rewrite to do it on the back-end, it's 
not big pain in most cases :)

You also can play little with (from man pound):

       RewriteLocation 0|1|2
              If  1  force Pound to change the Location: and 
Content-location:
              headers in responses. If they point to the back-end itself 
or to
              the  listener (but with the wrong protocol) the response 
will be
              changed to show the virtual host  in  the  request. 
Default:  1
              (active).  If the value is set to 2 only the back-end 
address is
              compared; this is useful for redirecting a request to  an 
HTTPS
              listener on the same server as the HTTP listener.

       RewriteDestination 0|1
              If  1 force Pound to change the Destination: header in 
requests.
              The header is changed to point to the back-end itself 
with  the
              correct protocol. Default: 0.

and tell us if this works for you.
[...]
Attachments:  
text.html text/html 3738 Bytes
Re: [Pound Mailing List] OR keyword
Rune Saetre <rune.saetre(at)netcom-gsm.no>		 2007-03-28 13:09:01 [ FULL ] 
Hi

If I understand you correctly you want just 2 url groups, one for '^/img/' 
and one for '^/archive/'.

The HeadRequire would look the same for both groups:

HeadRequire "^Host: (www\.)?(server1|server2|(server-c))\.(com|org)(:80)?$"

This would match all of these:
Host: server1.com
Host: server1.org
Host: server2.com
Host: server2.org
Host: server-c.com
Host: server-c.org
Host: www.server1.com
Host: www.server1.org
Host: www.server2.com
Host: www.server2.org
Host: www.server-c.com
Host: www.server-c.org
Host: server1.com:80
Host: server1.org:80
Host: server2.com:80
Host: server2.org:80
Host: server-c.com:80
Host: server-c.org:80
Host: www.server1.com:80
Host: www.server1.org:80
Host: www.server2.com:80
Host: www.server2.org:80
Host: www.server-c.com:80
Host: www.server-c.org:80

Now with two UrlGroups you can send all traffic to /img for all these 
vhosts to one server pool and /archive to another.

Would this solve your problem?

Rune

---
Rune Sætre <rune.saetre(at)netcom-gsm.no>
NetCom as
..

On Wed, 28 Mar 2007, Audun Ytterdal wrote:
[...]
Re: [Pound Mailing List] OR keyword
Audun Ytterdal <ay(at)linpro.no>		 2007-03-28 13:36:47 [ FULL ] 
Rune Saetre wrote:[...]
Figured it out about three seconds after I sent the mail.

--
Audun
MailBoxer