By doing some tests i got a list of the parameters in the header :

DOCUMENT_ROOT : /var/www/html
GATEWAY_INTERFACE : CGI/1.1
HTTP_ACCEPT : text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
HTTP_ACCEPT_CHARSET : ISO-8859-1,utf-8;q=0.7,*;q=0.7
HTTP_ACCEPT_ENCODING : gzip,deflate
HTTP_ACCEPT_LANGUAGE : fr,fr-fr;q=0.8,en-us;q=0.5,en;q=0.3
HTTP_CACHE_CONTROL : no-cache
HTTP_CONNECTION : keep-alive
HTTP_HOST : web-application.intranet.fr:445
HTTP_KEEP_ALIVE : 300
HTTP_PRAGMA : no-cache
HTTP_USER_AGENT : Mozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1
HTTP_X_FORWARDED_FOR : xxx.xxx.xxx.xxx
HTTP_X_SSL_CERTIFICATE : -----BEGIN CERTIFICATE----- MIIDoDCCAwmgAwIBAgIBAjANBgkqhkiG9w0BAQQFADCBiTELMAkGA1UEBhMCRlIx DDAKBgNVBAgTA0lkRjEOMAwGA1UEBxMFUGFyaXMxDTALBgNVBAoTBEJ1bGwxEzAR BgNVBAsTClBsYXF1ZSBJZEYxEzARBgNVBAMUCmNhX21hcnRpYWwxIzAhBgkqhkiG 9w0BCQEWFGNhX21hcnRpYWxAc2l2MDIub3JnMB4XDTA4MDQyMjE0MzA1M1oXDTA5 MDQyMjE0MzA1M1owgYgxCzAJBgNVBAYTAkZSMQwwCgYDVQQIEwNJZEYxDTALBgNV BAoTBEJ1bGwxEzARBgNVBAsTClBsYXF1ZSBJZEYxHTAbBgNVBAMTFHBldWdlb3Qt dmlsbGV0YW5hdXNlMSgwJgYJKoZIhvcNAQkBFhlwZXVnZW90LXZpbGxldGFuYXVz ZUBzaXYyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDq15ld6bkIPa7c19lv GYa54UjAWEeOo9B4qQKR7QGTC9RDGkHtewYK4/I/Vz+u2jE5ncl7PBevdrv9h7PB Y6O41kqpw9lzecY9bdhWm3lNmyyNo8j37nGK5YLqJdbdUoJGd/P3NE/HZiWpqTHu luPLjVWxD2oqC0dBOoCzBRj+sQIDAQABo4IBFTCCAREwCQYDVR0TBAIwADAsBglg hkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0O BBYEFHMowEpX+ItgU4CshQgGmMC/kay1MIG2BgNVHSMEga4wgauAFCk+aqkqPIyL ROX3X5ScPPxwo2TqoYGPpIGMMIGJMQswCQYDVQQGEwJGUjEMMAoGA1UECBMDSWRG MQ4wDAYDVQQHEwVQYXJpczENMAsGA1UEChMEQnVsbDETMBEGA1UECxMKUGxhcXVl IElkRjETMBEGA1UEAxQKY2FfbWFydGlhbDEjMCEGCSqGSIb3DQEJARYUY2FfbWFy dGlhbEBzaXYwMi5vcmeCAQAwDQYJKoZIhvcNAQEEBQADgYEAnfQjLoGuEDZmYJL+ pF4IFmEUluC17GTkwNwDxaneX9vOhKS9tffllB5yYgUqbPIP0ralclZsPojAmaUh 7Vtzj1nwY5fntP505DJ4pgl0mD5FwmQmyUDlqIcafHsMgs5xD8dy6iH6cPTra1u4 2ZBWYmvVgGLpvArA0CEV4GbxLAI= -----END CERTIFICATE-----
HTTP_X_SSL_CIPHER : AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
HTTP_X_SSL_ISSUER : C = FR, ST = IdF, L = Paris, O = Bull, OU = Plaque IdF, CN = ca_martial, emailAddress = ca_martial@siv02.org
HTTP_X_SSL_NOTAFTER : Apr 22 14:30:53 2009 GMT
HTTP_X_SSL_NOTBEFORE : Apr 22 14:30:53 2008 GMT
HTTP_X_SSL_SERIAL : 2
HTTP_X_SSL_SUBJECT : C = FR, ST = IdF, O = Bull, OU = Plaque IdF, CN = xxxx, emailAddress = xxx@siv2
PATH : /usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin:/root/bin
QUERY_STRING :
REMOTE_ADDR : 129.181.20.13
REMOTE_PORT : 46805
REQUEST_METHOD : GET
REQUEST_URI : /cgi/headers.cgi
SCRIPT_FILENAME : /var/www/html/cgi/headers.cgi
SCRIPT_NAME : /cgi/headers.cgi
SERVER_ADDR : xxx.xxx.xxx.xxx
SERVER_ADMIN : root@localhost
SERVER_NAME : web-application.intranet.fr
SERVER_PORT : 445
SERVER_PROTOCOL : HTTP/1.1
SERVER_SIGNATURE :

Apache/2.0.52 (Red Hat) Server at siv-vabf-part.interieur.gouv.fr Port 445

SERVER_SOFTWARE : Apache/2.0.52 (Red Hat)

It seems that SERVER_PROTOCOL is not overwritten. That's why my java application rebuild the requested url with the wrong protocol (It should be HTTPS).

Here is the implementation of the method used on the java side :

    public static StringBuffer getRequestURL(HttpServletRequest req) {
        StringBuffer url = new StringBuffer();
        String scheme = req.getScheme();
        int port = req.getServerPort();
        String urlPath = req.getRequestURI();

        //String servletPath = req.getServletPath ();
        //String pathInfo = req.getPathInfo ();

        url.append(scheme); // http, https (SERVER_PROTOCOL)
        url.append("://");
        url.append(req.getServerName()); // (SERVER_NAME)
        if ((scheme.equals("http") && port != 80)
                || (scheme.equals("https") && port != 443)) {
            url.append(':');
            url.append(req.getServerPort()); // (SERVER_PORT)
        }
        //if (servletPath != null)
        //    url.append (servletPath);
        //if (pathInfo != null)
        //    url.append (pathInfo);
        url.append(urlPath); (REQUEST_URI)
        return url;

Is there a solution to get the right value for SERVER_PROTOCOL?

2008/7/24 Gaël de Villeblanche <gaeldevilleblanche@gmail.com>

Hi,

I configured Pound like this :

ListenHTTPS
            Address 0.0.0.0
            Port 443
            Cert "/pound/V243/certificates/local.server.pem"
            xHTTP 2
            RewriteLocation 2

            Service
                URL ".*"
                BackEnd
                        Address xxx.xxx.xxx.xxx
                        Port 80
                End
            End
End

For each hit on my web application, an extraction in the HTTP header is made in order to get the called URI and to check if it is known by the system or not. If not, the user can't enter de web application, the access is denied. Don't mind about the relevance of this checking, i just simplify the explanations....

And here is my problem, when i call "https://web-application.intranet.fr" in my browser, the identified URL passed by Pound is "http://web-application.intranet.fr". So my application deny the access because it knows the HTTPS URI but not the HTTP one.

What did i do wrong? Is there a parameter in the configuration to fix to get the right recognition of my URL in the HTTP headers? I tried to fix a value for RewriteDestination, it doesn't resolved my problem...

Any help would be appreciated,

Best regards,

Gaël de Villeblanche

--
Gaël de Villeblanche