Pound newbie / HTTPS url issue
"Shamunda" <shamunda(at)playlan.com>
2008-12-13 16:17:08
Hmm sorry, I think I didn't explain myself properly.

From the answer I received - after studying it a bit - it wasn't clear to me.

So I'll try to convey it as I see it.

My users 'must' go to my secured url: HTTPS://poundserver/targetpage

From what I understand pound can only talk to my backend servers as HTTP. So the picture this far is -

<users>
    |
   \/
    +<pound server port 443>
        |
       \/
        +<backend server port 80>

Ok simple enough. However when the user types HTTPS://poundserver/targetpage pound changes the returned page as HTTP.

Example: HTTPS://poundserver/targetpage returns HTTP://poundserver/targetpage.

I don't want this, I'm looking to have all my pages returned under SSL.

Here's a snippet of my config

ListenHTTPS
   Address 192.168.0.10
   Port    443
   Cert    "/etc/ssl/server.pem"
   Service
      BackEnd
        Address 192.168.0.100
        Port 80
      End
      BackEnd
        Address 192.168.0.200
        Port 80
      End
   End
End

I'm willing to send screenshots to anyone that can help if I'm not being clear.

Thanks for any and all help

-Shamunda



Re: [Pound Mailing List] Pound newbie / HTTPS url issue
Dave Steinberg <dave(at)redterror.net>
2008-12-15 23:42:34
> Ok simple enough.  However when the user types[...]

Are you sure it's pound doing it?  Could your application be trying to 
detect SSL by checking that the port is set to 443, and then redirecting?

Regards,[...]

RE: [Pound Mailing List] Pound newbie / HTTPS url issue
"Shamunda" <shamunda(at)playlan.com>
2008-12-16 05:49:04
I'm not sure what you mean by that, but then again being new to this
stuff I may have it completely wrong.

I thought the way in was the only way out?

Example.

User types   HTTPS://URL -----> ssl pound server ------> Backend HTTP server

and the return path was:

User Receive HTTPS://URL <----- ssl pound server <------ Backend HTTP Server


I know with another reverse proxy app called orenosp the above method
works.  But I'm not familiar enough with pound to know if there is
something else I need to add with my config.

Could someone post a configuration they have (stripping out all the
address info of course), that has POUND as the front end SSL layer.

Thanks,

Shamunda



Re: [Pound Mailing List] Pound newbie / HTTPS url issue
Dave Steinberg <dave(at)redterror.net>
2008-12-16 16:56:51
Shamunda wrote:[...]

Right, that's how almost all reverse proxies work, pound included.  It's 
only different if you're using DSR (direct server return), which you're 
not if you're using pound.  :)
[...]

Your pound config looked fine in previous postings.  My point is, your 
backend server is fully capable of issuing a redirect to tell the 
browser to switch to http.  Pound happily passes these on to the user, 
and you see the change in the address bar of your browser.  I'd 
recommend that you sniff the traffic between pound and your backend 
server and see what comes across the wire - I expect you'll see a HTTP 
302 code with a location that's not using https.

Alternatively, look at your application running on your backend and check 
if it requires SSL.  If possible, disable that, and enforce SSL with pound.
[...]
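
Added example, not part of the thread: the check described in the last reply, applied to a response captured between pound and a backend. The sample response is constructed, the host name and backend addresses are the placeholders from the posts above, and the function names are hypothetical.

```python
from urllib.parse import urljoin, urlsplit

# Constructed sample of what a capture between pound and a backend might show.
# The host mirrors the thread's placeholder; the response itself is invented.
SAMPLE = (
    b"HTTP/1.1 302 Found\r\n"
    b"Server: example\r\n"
    b"Location: http://poundserver/targetpage/\r\n"
    b"Content-Length: 0\r\n"
    b"\r\n"
)

REDIRECT_CODES = {301, 302, 303, 307, 308}


def parse_response_head(raw: bytes):
    """Return (status_code, headers) from a raw HTTP/1.x response."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    status = int(lines[0].split(" ", 2)[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers


def classify_redirect(raw: bytes, requested_url: str, backends=()):
    """Classify a backend response relative to the URL the user asked for.

    Returns 'no-redirect', 'ok', 'downgrade' (https request answered with an
    http Location) or 'backend-leak' (Location names a backend address).
    """
    status, headers = parse_response_head(raw)
    if status not in REDIRECT_CODES or "location" not in headers:
        return "no-redirect"
    # A relative Location inherits the scheme and host of the request.
    target = urlsplit(urljoin(requested_url, headers["location"]))
    if target.hostname in backends:
        return "backend-leak"
    if urlsplit(requested_url).scheme == "https" and target.scheme == "http":
        return "downgrade"
    return "ok"


if __name__ == "__main__":
    print(classify_redirect(SAMPLE, "https://poundserver/targetpage",
                            backends=("192.168.0.100", "192.168.0.200")))
```

A 'downgrade' or 'backend-leak' result on the capture means the redirect originates at the backend application, not at pound.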
