
strange redirect behavior from behind pound
Ivo Schindler <ivo.schindler(at)i-web.ch>
2007-06-22 08:36:18
hi list

i detected a strange behavior in redirections from behind pound.
when i want my application or apache to redirect, the "https" part does
not get back to the browser when it should redirect on the same url but
with ssl. example:

https://foo.ch and http://foo.ch are handled correctly by pound on X and
sent both to server Y with apache running. when i try to make a
redirection on Y from e.g. http://foo.ch/bar/ to https://bar.ch the
browser redirects correctly to https://bar.ch.
when redirecting to https://foo.ch the browser redirects only to
http://foo.ch (ssl missing) and ends up in a loop.

my setup:
- same behavior in pound 2.2.7 and 2.3.2
- pound config on IP X:
ListenHTTP
         Address X
         Port    80
End
ListenHTTPS
         Address X
         Port    443
         Cert    "/etc/pound/aaa.pem"
         AddHeader "IS_SSL: SSL"
End
Service
         BackEnd
                 Address Y
                 Port    80
                 TimeOut 60
         End
End

- apache config on IP Y:
NameVirtualHost *
<VirtualHost *>
     ServerName foo.ch
     RewriteEngine On
     RewriteCond %{HTTP:IS_SSL} !^SSL$
     RewriteRule ^(.*) https://foo.ch/$1 [L,R]
...


i solved it for now, by redirecting twice: http://foo.ch ->
http://bar.ch -> https://foo.ch

is it a configuration problem or is pound doing something wrong?
thanks a lot.

Ivo Schindler

Dipl. Inf. Uni ZH
Programmer, system developer and administrator
[...]

Re: [Pound Mailing List] strange redirect behavior from behind pound
Richard Wilson <Richard.Wilson(at)senokian.com>
2007-06-22 13:53:12
Ivo Schindler wrote:[...]

This sounds to me like a recent problem I had. By default, Pound tries
to be clever and 'fix' things when it sees a redirect to a URL using the
'wrong' protocol. The relevant excerpt from the 2.3.2 version of the man
page says:


RewriteLocation 0|1|2
    If 1 force Pound to change the Location: and Content-location:
    headers in responses. If they point to the back-end itself or to the
    listener (but with the wrong protocol) the response will be changed
    to show the virtual host in the request. Default: 1 (active). If the
    value is set to 2 only the back-end address is compared; this is
    useful for redirecting a request to an HTTPS listener on the same
    server as the HTTP listener.

(Taken from the HTTP Listener section)

I think perhaps if you try tweaking this you will get the behavior you
require.

[...]

Re: [Pound Mailing List] strange redirect behavior from behind pound
Ivo Schindler <ivo.schindler(at)i-web.ch>
2007-06-22 18:50:56
Richard Wilson wrote:[...][...][...]

Thanx.
Now it works like it should with RewriteLocation 2 !
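
Added example, not part of the original thread and not Pound's own code: a simplified Python model of RewriteLocation as the man page excerpt quoted above describes it, showing why value 1 turns the back-end's redirect to https://foo.ch into a loop on the HTTP listener and why value 2 lets it through. The IP addresses, the DNS table and the function names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed addresses standing in for the thread's "X" (Pound) and "Y" (Apache).
DNS = {"foo.ch": "192.0.2.10", "bar.ch": "198.51.100.7"}
LISTENER_ADDR, BACKEND_ADDR = "192.0.2.10", "192.0.2.20"


def rewrite_location(mode, listener_scheme, request_host, location):
    """Location value the client receives under RewriteLocation `mode` (0, 1 or 2)."""
    if mode == 0:
        return location
    url = urlsplit(location)
    if url.scheme not in ("http", "https") or not url.hostname:
        return location  # relative or non-HTTP target: nothing to compare
    addr = DNS.get(url.hostname, url.hostname)  # literal IPs map to themselves
    # Modes 1 and 2: the redirect points at the back-end itself.
    to_backend = addr == BACKEND_ADDR
    # Mode 1 only: it points at the listener, but with the other protocol.
    to_listener_wrong_proto = (
        mode == 1 and addr == LISTENER_ADDR and url.scheme != listener_scheme
    )
    if not (to_backend or to_listener_wrong_proto):
        return location
    # Rewritten to the listener's own scheme and the virtual host of the request.
    rest = url.path + ("?" + url.query if url.query else "")
    return f"{listener_scheme}://{request_host}{rest}"


def redirect_chain(mode, start, backend_redirect, max_hops=5):
    """Follow redirects as a browser would; the back-end redirects every
    plain-HTTP request for foo.ch to `backend_redirect`."""
    hops, url = [start], start
    while len(hops) <= max_hops:
        parts = urlsplit(url)
        if parts.hostname != "foo.ch" or parts.scheme == "https":
            return hops, False  # reached HTTPS or left the site: done
        url = rewrite_location(mode, "http", parts.hostname, backend_redirect)
        hops.append(url)
    return hops, True  # still on http://foo.ch after max_hops: redirect loop


if __name__ == "__main__":
    for mode in (1, 2):
        hops, looped = redirect_chain(mode, "http://foo.ch/bar/", "https://foo.ch/bar/")
        print(f"RewriteLocation {mode}: {' -> '.join(hops)} loop={looped}")
```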
