Hi all, thanks to the last poster. Yes, it is https; it can't talk to the back-end https, hence I get it to talk to normal Apache and all is fine... but is this now really https? Or is it port 80 traffic being redirected on port 443 (i.e. clear text... :( )?

Or does using the cert mean it is getting encrypted from web to server, then pound decrypts and sends clear text to localhost? Aha, I think I get it...

Very cool


I do have another question though...

I want some strict URL settings where I allow %5.* %3.* [1char] but disallow %.* and [any other combo].

Hence if the URL line has %3dsaAblach%5[6], let it go through, but if I have

%3dsaAblach%5[6]%4  fail (%4)
%3dsaAblach%5[asd6] fail ([asd6])
and so forth...

Here is the config now for whoever else gets stuck on SSL - the trick is the pem file - which I posted before.
ListenHTTPS
    Address 10.0.0.1
    Port 443
    xHTTP 1
    Cert "/etc/apache-ssl/poundcert.pem"
    Ciphers "RC4-MD5:RC4-SHA:IDEA-CBC-MD5:DES-CBC3-SHA"
END
ListenHTTP
  Address 10.0.0.1
  Port 80
  xHTTP 1
END
Service
   Url         "(%7.*|`|;|\|@|\||~|<|>|\"|\$|\(|\)|\{|\}|\*|!|')"
   Redirect    "http://www.domain"
End
Service
  BackEnd
    Address  127.0.0.1
    Port  83
  End
End




On 10/07/07, Mister V <badvad@gmail.com> wrote:

https returns

500 internal error

An internal server error occurred. Please try again later.

syslog says:

Jul 10 19:44:08 localhost pound: response error read from 127.0.0.1:82: Connection reset by peer

apache-ssl log says:

[Tue Jul 10 19:44:08 2007] [error] SSL_accept failed
[Tue Jul 10 19:44:08 2007] [error] error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request

From what I have researched, it is passing http to the https port?

This is my config.

(Where am I going wrong, or what is done wrong?)
pound.cfg(ssl config)
  ListenHTTPS
                Address xxx.xxx.xxx.xxx
                Port    443
                Cert    "/etc/apache-ssl/poundcert.pem"
                AddHeader "X-Forwarded-Proto: https"

                HeadRemove "X-Forwarded-Proto"
                AddHeader "Front-End-Https: on"
                Ciphers "RC4-MD5:RC4-SHA:IDEA-CBC-MD5:DES-CBC3-SHA"
        Service
               Url         "(%|`|;|\|@|\||~|<|>|\"|\$|\(|\)|\{|\}|\[|\]\*|!|')"
               Redirect    "http://www.domain/"
        End
        Service
              BackEnd
               Address  127.0.0.1
               Port  82
             End
        End
  End

(netstat - showing port 82 is up)
root@XXXXXX:# netstat -an|grep 82
tcp        0      0 127.0.0.1:82            0.0.0.0:*               LISTEN


httpd.conf in apache-ssl showing the various configs done or there for ssl.

grep 82 /etc/apache-ssl/httpd.conf
Listen 127.0.0.1:82
Port 82


grep SSL /etc/apache-ssl/httpd.conf |grep -v "#"
SSLRandomFile file /dev/urandom 1024
SSLRandomFilePerConnection file /dev/urandom 1024
SSLEnable
SSLCacheServerPath /usr/lib/apache-ssl/gcache
SSLCacheServerPort /var/run/gcache_port
SSLSessionCacheTimeout 15
SSLCertificateKeyFile /etc/apache-ssl/server.pem
SSLCertificateFile     /etc/apache-ssl/server.crt
SSLVerifyClient 0
SSLVerifyDepth 10
SSLUseCRL
SSLCRLCheckAll
SSLOnRevocationSetEnv SSL_REVOKED
SSLOnCRLExpirySetEnv SSL_CRL_EXPIRED
SSLOnNoCRLSetEnv SSL_NO_CRL
SSLFakeBasicAuth
SSLRequiredCiphers RC4-MD5:RC4-SHA:IDEA-CBC-MD5:DES-CBC3-SHA
SSLRequireCipher
SSLBanCipher NULL-MD5:NULL-SHA

thanks
vahid
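
The strict-URL rule asked about in the newer message, written as an allow-list pattern and checked against the three sample strings from that message. This is an added example, not part of the thread; the names STRICT_URL and url_allowed are hypothetical, the reading of the rule is an assumption (every % must be followed by 3 or 5, every [ must enclose exactly one character), and the pattern is tested here with grep -E rather than inside Pound.

```shell
#!/bin/sh
# Added example, not from the thread.
# Assumed reading of the rule:
#   - '%' is allowed only when followed by '3' or '5'
#   - '[' is allowed only as '[' + exactly one character + ']'
#   - any other use of '%', '[' or ']' is rejected
# POSIX extended regex, anchored so the WHOLE string must be built
# from allowed pieces (allow-list) instead of hunting for bad ones:
#   [^][%]   any character except ']', '[' and '%'
#   %[35]    percent followed by 3 or 5
#   \[[^]]]  '[', one character that is not ']', then ']'
STRICT_URL='^([^][%]|%[35]|\[[^]]])*$'

url_allowed() {
    # grep -v selects lines that do NOT match; if any line of the input
    # fails the pattern the pipeline succeeds, and '!' turns that into
    # a rejection. This also rejects input with an embedded newline
    # whose second line carries a disallowed sequence.
    ! printf '%s\n' "$1" | grep -Evq "$STRICT_URL"
}

# The three strings from the message (first should pass, other two fail),
# plus two constructed samples.
for u in \
    '%3dsaAblach%5[6]' \
    '%3dsaAblach%5[6]%4' \
    '%3dsaAblach%5[asd6]' \
    '/index.html' \
    '/page%7e'
do
    if url_allowed "$u"; then
        echo "pass  $u"
    else
        echo "fail  $u"
    fi
done
```
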