Anne,

Maybe too simple, but if the first page returns as https://myhost/page, I am wondering if there are hard-coded http:// links on the site, i.e.:
<a href="http://myhost/page2">page 2</a>

instead of

<a href="page2">page 2</a>

regards,
Michael
 

On Tue, Mar 16, 2010 at 11:16 AM, Anne Moore <diabeticithink@yahoo.com> wrote:
Hello All

I'm setting up POUND for my entire corporation. We, however, cannot seem to
get the SSL working correctly.

Here's our setup:

(Entire network is private):

Clients >> POUND >> BackendServer1/BackendServer2

Every time our users get directed to the backend servers, the first page is
encrypted. However, all subsequent pages that the user clicks on are not.
This is causing a major problem with our sensitive data. I'm also trying to
get port 80 to automatically redirect to port 443. No luck with either one
so far. Any help you can provide is greatly appreciated! Thank you - Anne

Here's my pound.cfg:

User "nobody"
Group "nobody"
RootJail "/usr/share/pound"
Control "/var/run/pound/ctl_socket"

# Main listening ports
ListenHTTP
   Address 192.168.1.12
   Port    80
   xHTTP   1
End
ListenHTTPS
   Address 192.168.1.12
   Port    443
   Cert    "/usr/share/ssl/certs/myserver.pem"
   Ciphers "ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL"
   xHTTP   1
   HeadRemove "X-SSL-Request"
   HeadRemove "X-Forwarded-For"
   AddHeader  "X-SSL-Request: 1"
End

# redirect all requests for /forbidden
Service
   Url         "/forbidden.*"
   Redirect    "https://192.168.1.12/"
End

# Catch-all server(s)
Service
   BackEnd
       Address 192.168.1.13
       Port    7777
   End
   BackEnd
       Address 192.168.1.14
       Port    7777
   End
   Session
       Type    BASIC
       TTL     300
   End
End
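
Added example (not part of the original thread or of Pound): a small Python check for the hard-coded http:// links described in the reply above. It scans a page's HTML for absolute http:// URLs that point back at the site's own hosts, which is what moves a user from the encrypted first page to unencrypted later ones. The sample page, the host list and the function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Attributes that make the browser navigate to or fetch a URL.
URL_ATTRS = {"href", "src", "action"}


class InsecureLinkFinder(HTMLParser):
    """Collect absolute http:// URLs that point at the site's own hosts."""

    def __init__(self, site_hosts):
        super().__init__()
        self.site_hosts = {h.lower() for h in site_hosts}
        self.findings = []  # (line, tag, attribute, url)

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name not in URL_ATTRS or not value:
                continue
            try:
                parts = urlsplit(value.strip())
            except ValueError:  # malformed URL, nothing to classify
                continue
            # Relative links ("page2", "/page2") have no scheme and inherit
            # https from the page; only absolute http:// links leave TLS.
            if parts.scheme == "http" and parts.hostname in self.site_hosts:
                self.findings.append((self.getpos()[0], tag, name, value))


def find_insecure_links(html, site_hosts):
    """Return (line, tag, attribute, url) for each same-site http:// link."""
    finder = InsecureLinkFinder(site_hosts)
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed sample page; hosts follow the names used in the thread.
SAMPLE_PAGE = """<html><body>
<a href="http://myhost/page2">page 2</a>
<a href="page2">page 2</a>
<form action="HTTP://MyHost/login" method="post"></form>
<img src="http://cdn.example.org/logo.png">
<a href="https://myhost/page3">page 3</a>
</body></html>"""

if __name__ == "__main__":
    hosts = ["myhost", "192.168.1.12"]
    for line, tag, attr, url in find_insecure_links(SAMPLE_PAGE, hosts):
        print(f'line {line}: <{tag} {attr}="{url}">')
```

Third-party http:// resources (the cdn.example.org image in the sample) are deliberately not reported, since the check is limited to links that send the user back to the same site without TLS.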

