RE: [Pound Mailing List] Re: HTTPS URI recognition
"Alfonso Espitia" <aespitia(at)castleworldwide.com>
2008-07-25 14:55:23
I ended up adding a custom HTTPS header ('FRONT-END-HTTPS: on') and just check
for that.  It used to work without it when we were running on 1.x, but when we
switched to 2.x we had to add it.  

--Alfonso 

-----Original Message-----
From: Gaël de Villeblanche [mailto:gaeldevilleblanche(at)gmail.com] 
Sent: Friday, July 25, 2008 8:30 AM
To: pound(at)apsis.ch
Subject: [Pound Mailing List] Re: HTTPS URI recognition

By doing some tests I got a list of the parameters in the header:

DOCUMENT_ROOT : /var/www/html
GATEWAY_INTERFACE : CGI/1.1
HTTP_ACCEPT : text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
HTTP_ACCEPT_CHARSET : ISO-8859-1,utf-8;q=0.7,*;q=0.7
HTTP_ACCEPT_ENCODING : gzip,deflate
HTTP_ACCEPT_LANGUAGE : fr,fr-fr;q=0.8,en-us;q=0.5,en;q=0.3
HTTP_CACHE_CONTROL : no-cache
HTTP_CONNECTION : keep-alive
HTTP_HOST : web-application.intranet.fr:445
HTTP_KEEP_ALIVE : 300
HTTP_PRAGMA : no-cache
HTTP_USER_AGENT : Mozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1
HTTP_X_FORWARDED_FOR : xxx.xxx.xxx.xxx
HTTP_X_SSL_CERTIFICATE : -----BEGIN CERTIFICATE----- [...] -----END CERTIFICATE-----
HTTP_X_SSL_CIPHER : AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
HTTP_X_SSL_ISSUER : C = FR, ST = IdF, L = Paris, O = Bull, OU = Plaque IdF, CN = ca_martial, emailAddress = ca_martial(at)siv02.org
HTTP_X_SSL_NOTAFTER : Apr 22 14:30:53 2009 GMT
HTTP_X_SSL_NOTBEFORE : Apr 22 14:30:53 2008 GMT
HTTP_X_SSL_SERIAL : 2
HTTP_X_SSL_SUBJECT : C = FR, ST = IdF, O = Bull, OU = Plaque IdF, CN = xxxx, emailAddress = xxx(at)siv2
PATH : /usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin:/root/bin
QUERY_STRING :
REMOTE_ADDR : 129.181.20.13
REMOTE_PORT : 46805
REQUEST_METHOD : GET
REQUEST_URI : /cgi/headers.cgi
SCRIPT_FILENAME : /var/www/html/cgi/headers.cgi
SCRIPT_NAME : /cgi/headers.cgi
SERVER_ADDR : xxx.xxx.xxx.xxx
SERVER_ADMIN : root(at)localhost
SERVER_NAME : web-application.intranet.fr
SERVER_PORT : 445
SERVER_PROTOCOL : HTTP/1.1
SERVER_SIGNATURE : Apache/2.0.52 (Red Hat) Server at siv-vabf-part.interieur.gouv.fr Port 445
SERVER_SOFTWARE : Apache/2.0.52 (Red Hat)



It seems that SERVER_PROTOCOL is not overwritten. That's why my Java
application rebuilds the requested URL with the wrong protocol (it should be
HTTPS).

Here is the implementation of the method used on the Java side:

    public static StringBuffer getRequestURL(HttpServletRequest req) {
        StringBuffer url = new StringBuffer();
        String scheme = req.getScheme();
        int port = req.getServerPort();
        String urlPath = req.getRequestURI();

        //String servletPath = req.getServletPath ();
        //String pathInfo = req.getPathInfo ();

        url.append(scheme); // http, https (SERVER_PROTOCOL)
        url.append("://");
        url.append(req.getServerName()); // (SERVER_NAME)
        if ((scheme.equals("http") && port != 80)
                || (scheme.equals("https") && port != 443)) {
            url.append(':');
            url.append(req.getServerPort()); // (SERVER_PORT)
        }
        //if (servletPath != null)
        //    url.append (servletPath);
        //if (pathInfo != null)
        //    url.append (pathInfo);
        url.append(urlPath); // (REQUEST_URI)
        return url;
    }


Is there a solution to get the right value for SERVER_PROTOCOL?


2008/7/24 Gaël de Villeblanche <gaeldevilleblanche(at)gmail.com>
[...]


--
Gaël de Villeblanche



Re: [Pound Mailing List] Re: HTTPS URI recognition
Dave Steinberg <dave(at)redterror.net>
2008-07-25 15:59:09
Alfonso Espitia wrote:[...]

<snip>

Similarly, I use 'X-Forwarded-Proto: https'.  I think that's what squid 
sets as well.  Either way, it's what the Rails people have chosen as 
their standard - FWIW.

Regards,[...]
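
Added example, not part of the thread and not code from any poster: the header approach from both replies applied to the getRequestURL logic posted above, with the scheme header honoured only when the connection comes from a known proxy address. The class name, method names and the proxy and client addresses are assumptions made for illustration.

```java
import java.util.Set;

public class ForwardedScheme {
    // Assumption: addresses of the Pound front ends (constructed sample values).
    static final Set<String> TRUSTED_PROXIES = Set.of("192.0.2.10", "192.0.2.11");

    // Scheme the client really used. The proxy headers are honoured only when
    // the TCP peer is a known proxy; from anyone else they are client input.
    static String effectiveScheme(String containerScheme, String remoteAddr,
                                  String forwardedProto, String frontEndHttps) {
        if (remoteAddr == null || !TRUSTED_PROXIES.contains(remoteAddr)) {
            return containerScheme;
        }
        if ("https".equalsIgnoreCase(forwardedProto) || "on".equalsIgnoreCase(frontEndHttps)) {
            return "https";
        }
        return containerScheme;
    }

    // Same reconstruction as getRequestURL above, with the scheme passed in.
    static String requestUrl(String scheme, String serverName, int port, String requestUri) {
        StringBuilder url = new StringBuilder(scheme).append("://").append(serverName);
        if ((scheme.equals("http") && port != 80) || (scheme.equals("https") && port != 443)) {
            url.append(':').append(port);
        }
        return url.append(requestUri).toString();
    }

    public static void main(String[] args) {
        // In a servlet these values come from req.getScheme(), req.getRemoteAddr(),
        // req.getHeader("X-Forwarded-Proto"), req.getHeader("FRONT-END-HTTPS"),
        // req.getServerName(), req.getServerPort() and req.getRequestURI().
        String host = "web-application.intranet.fr";
        String uri = "/cgi/headers.cgi";

        // Request relayed by the proxy, which set X-Forwarded-Proto: https.
        String viaProxy = effectiveScheme("http", "192.0.2.10", "https", null);
        System.out.println(requestUrl(viaProxy, host, 445, uri));

        // Request from an unlisted address carrying the same header: not trusted.
        String direct = effectiveScheme("http", "198.51.100.7", "https", null);
        System.out.println(requestUrl(direct, host, 445, uri));
    }
}
```

On the Pound side, the header is only meaningful if the proxy removes any copy sent by the client before adding its own; Pound 2.x has the `HeadRemove` and `AddHeader` listener directives for this.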
