Yesterday I found out about the service https://startssl.com, it's a free Certificate
service.
I'm now able to use https for 2 webmailservers and my activesync and still have
a meal each day.

My mobile's activesync can now access my Zarafa-server with https, which is
great. I was able to do this because the URL always starts with
"/Microsoft-Server-ActiveSync"


I have another mail-related service (ASSP anti-spam-proxy) and I would like to
access its mail-interface in the same way. That service doesn't have a specific
prefix. I was thinking about using the URL "/ASSP" so pound can distinguish the
service and then pointing it to http://192.168.10.100:55555 but having
that /ASSP stripped.

	https://mail.mirmana.com/ASSP     
       ==> http://192.168.10.100:55555
	https://mail.mirmana.com/ASSP/index.asp
  ==> http://192.168.10.100:55555/index.asp

Is this already possible?
If not, it would be a great addition.

I'm now using this config which works fine with StartCom's CA:

ListenHTTPS
        Address 0.0.0.0
        Port    4443
        Cert       "/opt/etc/ssl.crt"
        CAList     "/opt/etc/ca.pem"
        VerifyList "/opt/etc/sub.class1.server.ca.pem"
        Service "zarafa"
          URL "/(zarafa-webaccess|Microsoft-Server-ActiveSync).*"
          BackEnd
            Address 192.168.10.125
            Port 80
          End
        End
        Service "Worldclient"
          BackEnd
            Address 192.168.10.25
            Port 80
          End
        End
End

ListenHTTPS
        Address 0.0.0.0
        Port    4446
        Cert       "/opt/etc/ssl.crt"
        CAList     "/opt/etc/ca.pem"
        VerifyList "/opt/etc/sub.class1.server.ca.pem"
        Service "Webadmin"
          BackEnd
            Address 192.168.10.25
            Port 1000
          End
        End
End

On 5/23/2010 2:42 PM, Jean-Pierre van Melis wrote:[...]

Not possible currently.  Indeed, it would be great - you should consider
trying to implement this.  Pound's source code is extremely readable,
and if you're motivated, it probably wouldn't be too hard.  That's the 
wonder of open source ... you can scratch your own itch.

Regards,[...]

Hi Dave,

Although I used to be a programmer and am now picking that up again with shell
scripting, I'm still too unfamiliar with C. I don't know the reason why you are
inviting me to do it myself. If you don't have time right now, I can wait until
you do. Or is it something you don't want to implement in the distributed
program?

Maybe someone else who likes this idea is able to do this. The stripping could
be done with a syntax similar to 'sed'. It solves the problem when you have
multiple servers but only 1 IP for https.

JP

-----Oorspronkelijk bericht-----
Van: Dave Steinberg [mailto:dave(at)redterror.net] 
Verzonden: zondag 23 mei 2010 21:13
Aan: pound(at)apsis.ch
Onderwerp: Re: [Pound Mailing List] stripping URL when forwarding

On 5/23/2010 2:42 PM, Jean-Pierre van Melis wrote:[...]

Not possible currently.  Indeed, it would be great - you should consider
trying to implement this.  Pound's source code is extremely readable,
and if you're motivated, it probably wouldn't be too hard.  That's the 
wonder of open source ... you can scratch your own itch.

Regards,[...]

On 5/24/2010 2:29 AM, Jean-Pierre van Melis wrote:[...]

I suggest you do it merely b/c you have the need, and it is my 
philosophy to scratch one's own itch (or at least try, and then ask for 
help).  I'm not the maintainer of pound, just a list participant, but in 
my experience patches tend to get things done a lot faster than feature 
requests.

Regards,[...]

Especially with this request, as it has been asked multiple times in the past,
and the maintainers have continually said that this is beyond the scope of what
pound is intended to do.  As such, I don't think your feature request is likely
to be implemented anytime soon.

Simple reason is pound doesn't manipulate requests or responses.  It doesn't
rewrite URLs, nor does it read and interpret the content the backend returns. 
Pound load balances between backends, and that's about it.  Which means it can
be very fast and have a small memory footprint.

It is very likely in your situation that URL rewriting would not be sufficient.
 You would also need content rewriting to handle any absolute links that the
backend might send inline, plus it would need to rewrite redirects (which pound
DOES do, at least if the hostname is different), and it would need to possibly
make decisions based on the referrer as well.  Apache mod_rewrite and mod_proxy
do all these things, and they're complicated to maintain and configure,
specifically because of the difficulty of coercing a web app to another URL
without ever notifying the App.  9 times out of 10 that I've tried to do
something like this, I've given up before getting the right set of magic rules
in place to make the site usable, even using the correct tools for the job.
(Apache + mod_proxy + mod_rewrite)

Not trying to speak for Robert here, but based on past responses, I'm about 99%
sure Pound will never be that type of proxy. It's a load balancer, but not a
content rewriter.

Unless, of course, you want to write a patch. :)  But it's unlikely to make it
into the main product.

Joe

Confidentiality Notice:
This e-mail transmission may contain confidential and legally privileged
information that is intended only for the individual named in the e-mail
address. If you are not the intended recipient, you are hereby notified that
any disclosure, copying, distribution, or reliance upon the contents of this
e-mail message is strictly prohibited. If you have received this e-mail
transmission in error, please reply to the sender, so that proper delivery can
be arranged, and please delete the message from your mail box.

[...]

Hi Dave,

I see your name that often I thought it was the Dev's name, but that's of
course Robert Segall.
That's why my reaction may seem strange.

I do hope someone who's able to make modifications feels the same need. I think
it's a great way to make use of a simple Internet connection. I have
implemented pound on a SoHo-router (DD-WRT) and wrote a script that
automatically writes a config before it starts the proxy.

Thanks, anyway

JP

-----Oorspronkelijk bericht-----
Van: Dave Steinberg [mailto:dave(at)redterror.net] 
Verzonden: maandag 24 mei 2010 15:47
Aan: pound(at)apsis.ch
Onderwerp: Re: [Pound Mailing List] stripping URL when forwarding

On 5/24/2010 2:29 AM, Jean-Pierre van Melis wrote:[...]

I suggest you do it merely b/c you have the need, and it is my 
philosophy to scratch one's own itch (or at least try, and then ask for 
help).  I'm not the maintainer of pound, just a list participant, but in 
my experience patches tend to get things done a lot faster than feature 
requests.

Regards,[...]