/ Zope / Apsis / Pound Mailing List / Archive / 2012 / 2012-03 / Pound private services

[ << ] [ >> ]

[ is pound still actively updated? / Zachary Alex ... ] [ Pound threading model in 2.6 / Neil Skrypuch ... ]

Pound private services
"Shane Chambers" <schambers(at)myriad-development.com>
2012-03-15 23:16:16 [ FULL ]
I've run into a problem that I'm hoping someone can explain to me.  It
appears that pound is treating HTTP private services as global services,
and ignoring HTTPS private services.  Take for example this
configuration;

 

 

root(at)dev2: cat /etc/pound.cfg

User        "nobody"

Group       "nobody"

RootJail    "/var/pound/jail"

Alive       15

Client      15

TimeOut     300

Grace       10

LogFacility     local6

LogLevel        2

Control         "/var/run/pound.control"

 

## Main listening ports

ListenHTTP

    Address 192.168.3.120

    Port    80

        MaxRequest 10485760

    xHTTP       0

 

 

        Service

                Redirect "https://dev2"

        End

End

 

ListenHTTPS

    Address 192.168.3.120

    Port    443

        MaxRequest 10485760

    Cert    <removed>

    xHTTP       0

 

 

 

        Service

                IgnoreCase 1

                URL "^\/*\/<removed>"

                BackEnd

                        Address 192.168.3.120

                        Port 8080

                End

        End

        Service

                IgnoreCase 1

                URL "^\/*\/<removed>"

                BackEnd

                        Address 192.168.3.120

                        Port 8068

                End

        End

        Service

                BackEnd

                        Address 192.168.3.120

                        Port 81

                End

        End

 

End

 

 

root(at)dev2: poundctl -c /var/run/pound.control

  0. http Listener 192.168.3.120:80 a

    0. Service active (1)

      0. Backend (UNKNOWN):0 active (1 0.000 sec) alive

  1. HTTPS Listener 192.168.3.120:443 a

    0. Service active (5)

      0. Backend 192.168.3.120:8080 active (5 0.000 sec) alive

    1. Service active (5)

      0. Backend 192.168.3.120:8068 active (5 0.000 sec) alive

    2. Service active (5)

      0. Backend 192.168.3.120:81 active (5 0.000 sec) alive

 -1. Global services

 

 

This was written with the intention of all HTTP traffic to be redirected
to HTTPS traffic.  Indeed, from the headers I can see that all HTTP
traffic is being redirected, however, all HTTPS traffic is being
redirected as well.  Thus I've got an infinite loop... 

 

http://dev2/

 

GET / HTTP/1.1

Host: dev2

User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:10.0.2) Gecko/20100101
Firefox/10.0.2

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-us,en;q=0.5

Accept-Encoding: gzip, deflate

Connection: keep-alive

Cookie: ad_session_id=<removed>

 

HTTP/1.0 302 Found

Location: https://dev2/

Content-Type: text/html

Content-Length: 144

----------------------------------------------------------

https://dev2/

 

GET / HTTP/1.1

Host: dev2

User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:10.0.2) Gecko/20100101
Firefox/10.0.2

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-us,en;q=0.5

Accept-Encoding: gzip, deflate

Connection: keep-alive

Cookie: ad_session_id=<removed>

 

HTTP/1.0 302 Found

Location: https://dev2/

Content-Type: text/html

Content-Length: 144

----------------------------------------------------------

https://dev2/

 

GET / HTTP/1.1

Host: dev2

User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:10.0.2) Gecko/20100101
Firefox/10.0.2

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-us,en;q=0.5

Accept-Encoding: gzip, deflate

Connection: keep-alive

Cookie: ad_session_id=<removed>

 

HTTP/1.0 302 Found

Location: https://dev2/

Content-Type: text/html

Content-Length: 144

 

ad infinitum...

 

 

Removing the service holding the redirect from the HTTP listener,
resolves nothing.  In fact, everything breaks.

 

ListenHTTP

    Address 192.168.3.120

    Port    80

        MaxRequest 10485760

    xHTTP       0

 

 

#       Service

#               Redirect "https://dev2"

#       End

End

 

root(at)dev2: poundctl -c /var/run/pound.control

  0. http Listener 192.168.3.120:80 a

  1. HTTPS Listener 192.168.3.120:443 a

    0. Service active (5)

      0. Backend 192.168.3.120:8080 active (5 0.000 sec) alive

    1. Service active (5)

      0. Backend 192.168.3.120:8068 active (5 0.000 sec) alive

    2. Service active (5)

      0. Backend 192.168.3.120:81 active (5 0.000 sec) alive

 -1. Global services

 

https://dev2/

 

GET / HTTP/1.1

Host: dev2

User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:10.0.2) Gecko/20100101
Firefox/10.0.2

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-us,en;q=0.5

Accept-Encoding: gzip, deflate

Connection: keep-alive

Cookie: ad_session_id=<removed>

 

HTTP/1.0 503 Service Unavailable

Content-Type: text/html

Content-Length: 53

Expires: now

Pragma: no-cache

Cache-Control: no-cache,no-store

----------------------------------------------------------

 

 

It's not until the services under HTTPS are moved out to the global
definition that things begin working again;

 

root(at)dev2: poundctl -c /var/run/pound.control

  0. http Listener 192.168.3.120:80 a

  1. HTTPS Listener 192.168.3.120:443 a

 -1. Global services

    0. Service active (5)

      0. Backend 192.168.3.120:8080 active (5 0.000 sec) alive

    1. Service active (5)

      0. Backend 192.168.3.120:8068 active (5 0.000 sec) alive

    2. Service active (5)

      0. Backend 192.168.3.120:81 active (5 0.000 sec) alive

 

https://dev2/

 

GET / HTTP/1.1

Host: dev2

User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:10.0.2) Gecko/20100101
Firefox/10.0.2

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-us,en;q=0.5

Accept-Encoding: gzip, deflate

Connection: keep-alive

Cookie: ad_session_id=<removed>

 

HTTP/1.1 200 OK

Set-Cookie: ad_session_id=<removed>; Path=/; Max-Age=3600

MIME-Version: 1.0

Date: Thu, 15 Mar 2012 21:59:39 GMT

Server: AOLserver/4.5.1

Content-Type: text/html; charset=utf-8

Content-Length: 5847

Connection: keep-alive

----------------------------------------------------------

 

 

Why does the private service under HTTP appear to be treated like it's a
global service (or at least a private service for both HTTP, and HTTPS)?

Why are the private services under HTTPS appearing to not be seen at
all?

Is there a better way to implement HTTP to HTTPS redirection?  (or at
least a work around for this problem?)
Attachments:  
text.html text/html 42408 Bytes

RE: Pound private services
"Shane Chambers" <schambers(at)myriad-development.com>
2012-03-15 23:23:33 [ FULL ]
Forgot to include this;

 

root(at)dev2: pound -V

starting...

Version 2.6

  Configuration switches:

    --enable-cert1l

    --with-ssl=/usr/lib/openssl/

Exiting...

 
[...]
Attachments:  
text.html text/html 45275 Bytes

RE: Pound private services
Joe Gooch <mrwizard(at)k12system.com>
2012-03-16 16:35:33 [ FULL ]
>>>Removing the service holding the redirect from the HTTP listener,
resolves nothing.  In >>>fact, everything breaks.

At that point, if you connect to https://dev2, what
happens?  Clearly http://dev2 will not work in that
case.

Joe

From: Shane Chambers [mailto:schambers(at)myriad-development.com]
Sent: Thursday, March 15, 2012 6:16 PM
To: pound(at)apsis.ch
Subject: ***SPAM*** [Pound Mailing List] Pound private services

Iíve run into a problem that Iím hoping someone can explain to me.  It appears
that pound is treating HTTP private services as global services, and ignoring
HTTPS private services.  Take for example this configuration;


root(at)dev2: cat /etc/pound.cfg
User        "nobody"
Group       "nobody"
RootJail    "/var/pound/jail"
Alive       15
Client      15
TimeOut     300
Grace       10
LogFacility     local6
LogLevel        2
Control         "/var/run/pound.control"

## Main listening ports
ListenHTTP
    Address 192.168.3.120
    Port    80
        MaxRequest 10485760
    xHTTP       0


        Service
                Redirect "https://dev2"
        End
End

ListenHTTPS
    Address 192.168.3.120
    Port    443
        MaxRequest 10485760
    Cert    <removed>
    xHTTP       0



        Service
                IgnoreCase 1
                URL "^\/*\/<removed>"
                BackEnd
                        Address 192.168.3.120
                        Port 8080
                End
        End
        Service
                IgnoreCase 1
                URL "^\/*\/<removed>"
                BackEnd
                        Address 192.168.3.120
                        Port 8068
                End
        End
        Service
                BackEnd
                        Address 192.168.3.120
                        Port 81
                End
        End

End


root(at)dev2: poundctl -c /var/run/pound.control
  0. http Listener 192.168.3.120:80 a
    0. Service active (1)
      0. Backend (UNKNOWN):0 active (1 0.000 sec) alive
  1. HTTPS Listener 192.168.3.120:443 a
    0. Service active (5)
      0. Backend 192.168.3.120:8080 active (5 0.000 sec) alive
    1. Service active (5)
      0. Backend 192.168.3.120:8068 active (5 0.000 sec) alive
    2. Service active (5)
      0. Backend 192.168.3.120:81 active (5 0.000 sec) alive
 -1. Global services


This was written with the intention of all HTTP traffic to be redirected to
HTTPS traffic.  Indeed, from the headers I can see that all HTTP traffic is
being redirected, however, all HTTPS traffic is being redirected as well.  Thus
Iíve got an infinite loop...

http://dev2/

GET / HTTP/1.1
Host: dev2
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:10.0.2) Gecko/20100101
Firefox/10.0.2
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: ad_session_id=<removed>

HTTP/1.0 302 Found
Location: https://dev2/
Content-Type: text/html
Content-Length: 144
----------------------------------------------------------
https://dev2/

GET / HTTP/1.1
Host: dev2
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:10.0.2) Gecko/20100101
Firefox/10.0.2
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: ad_session_id=<removed>

HTTP/1.0 302 Found
Location: https://dev2/
Content-Type: text/html
Content-Length: 144
----------------------------------------------------------
https://dev2/

GET / HTTP/1.1
Host: dev2
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:10.0.2) Gecko/20100101
Firefox/10.0.2
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: ad_session_id=<removed>

HTTP/1.0 302 Found
Location: https://dev2/
Content-Type: text/html
Content-Length: 144

ad infinitumÖ


Removing the service holding the redirect from the HTTP listener, resolves
nothing.  In fact, everything breaks.

ListenHTTP
    Address 192.168.3.120
    Port    80
        MaxRequest 10485760
    xHTTP       0


#       Service
#               Redirect "https://dev2"
#       End
End

root(at)dev2: poundctl -c /var/run/pound.control
  0. http Listener 192.168.3.120:80 a
  1. HTTPS Listener 192.168.3.120:443 a
    0. Service active (5)
      0. Backend 192.168.3.120:8080 active (5 0.000 sec) alive
    1. Service active (5)
      0. Backend 192.168.3.120:8068 active (5 0.000 sec) alive
    2. Service active (5)
      0. Backend 192.168.3.120:81 active (5 0.000 sec) alive
 -1. Global services

https://dev2/

GET / HTTP/1.1
Host: dev2
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:10.0.2) Gecko/20100101
Firefox/10.0.2
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: ad_session_id=<removed>

HTTP/1.0 503 Service Unavailable
Content-Type: text/html
Content-Length: 53
Expires: now
Pragma: no-cache
Cache-Control: no-cache,no-store
----------------------------------------------------------


Itís not until the services under HTTPS are moved out to the global definition
that things begin working again;

root(at)dev2: poundctl -c /var/run/pound.control
  0. http Listener 192.168.3.120:80 a
  1. HTTPS Listener 192.168.3.120:443 a
 -1. Global services
    0. Service active (5)
      0. Backend 192.168.3.120:8080 active (5 0.000 sec) alive
    1. Service active (5)
      0. Backend 192.168.3.120:8068 active (5 0.000 sec) alive
    2. Service active (5)
      0. Backend 192.168.3.120:81 active (5 0.000 sec) alive

https://dev2/

GET / HTTP/1.1
Host: dev2
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:10.0.2) Gecko/20100101
Firefox/10.0.2
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: ad_session_id=<removed>

HTTP/1.1 200 OK
Set-Cookie: ad_session_id=<removed>; Path=/; Max-Age=3600
MIME-Version: 1.0
Date: Thu, 15 Mar 2012 21:59:39 GMT
Server: AOLserver/4.5.1
Content-Type: text/html; charset=utf-8
Content-Length: 5847
Connection: keep-alive
----------------------------------------------------------


Why does the private service under HTTP appear to be treated like itís a global
service (or at least a private service for both HTTP, and HTTPS)?
Why are the private services under HTTPS appearing to not be seen at all?
Is there a better way to implement HTTP to HTTPS redirection?  (or at least a
work around for this problem?)
Attachments:  
text.html text/html 35382 Bytes

RE: [Pound Mailing List] RE: Pound private services
"Shane Chambers" <schambers(at)myriad-development.com>
2012-03-19 22:47:38 [ FULL ]
Hi Joe,

 

In the configuration below I have the redirect commented out of the
ListenHTTP, and all of the services as private within the ListenHTTPS.
As you can see in the captured headers (FROM FIREFOX) at the bottom, the
only thing that comes back in this case is a "503 Service Unavailable."

 

However, if I use LWP's GET, or curl to retrieve the page from on Dev2
itself, I actually get the page as if nothing was wrong?

 

Mar 19 21:38:20 dev2 pound: (b7b5eb90) e503 no service "GET / HTTP/1.1"
from 192.168.1.154 192.168.3.120

Mar 19 21:38:32 dev2 pound: 192.168.3.120 GET / HTTP/1.1 - HTTP/1.1 200
OK (dev2/- -> 192.168.3.120:81) 0.008 sec

 

Above is the two different entries from the messages file.  They are
both asking for the same thing (https://dev2 <https://dev2/> ) however,
the first come from my workstation, and the second come from Dev2
itself.  This is getting more bizarre, why would it work on the system,
and not off the system?  This can't be a network issue, obviously from
the log they are asking for the same thing, but getting two different
responses.

 

Thanks,

Shane Chambers

 

Configuration

----------------------------------------------------------

root(at)dev2: cat /etc/pound.cfg

User        "nobody"

Group       "nobody"

RootJail    "/var/pound/jail"

Alive       15

Client      15

TimeOut     300

Grace       10

LogFacility     local6

LogLevel        2

Control         "/var/run/pound.control"

 

# Main listening ports

ListenHTTP

    Address 192.168.3.120

    Port    80

        MaxRequest 10485760

    xHTTP       0

 

 

#       Service

#               Redirect "https://dev2"

#       End

End

 

ListenHTTPS

    Address 192.168.3.120

    Port    443

        MaxRequest 10485760

    Cert    "/etc/pki/tls/certs/<removed>"

    xHTTP       0

 

        Service

                IgnoreCase 1

                URL "^\/*\/<removed>"

                BackEnd

                        Address 192.168.3.120

                        Port 8080

                End

        End

        Service

                IgnoreCase 1

                URL "^\/*\/<removed>"

                BackEnd

                        Address 192.168.3.120

                        Port 8068

                End

        End

        Service

                BackEnd

                        Address 192.168.3.120

                        Port 81

                End

        End

 

End

 

Poundctl display current configuration

----------------------------------------------------------

root(at)dev2: poundctl -c /var/run/pound.control

  0. http Listener 192.168.3.120:80 a

  1. HTTPS Listener 192.168.3.120:443 a

    0. Service active (5)

      0. Backend 192.168.3.120:8080 active (5 0.000 sec) alive

    1. Service active (5)

      0. Backend 192.168.3.120:8068 active (5 0.000 sec) alive

    2. Service active (5)

      0. Backend 192.168.3.120:81 active (5 0.000 sec) alive

 -1. Global services

 

 

FireFox Headers

----------------------------------------------------------

https://dev2/

 

GET / HTTP/1.1

Host: dev2

User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:11.0) Gecko/20100101
Firefox/11.0

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-us,en;q=0.5

Accept-Encoding: gzip, deflate

Connection: keep-alive

 

HTTP/1.0 503 Service Unavailable

Content-Type: text/html

Content-Length: 53

Expires: now

Pragma: no-cache

Cache-Control: no-cache,no-store

----------------------------------------------------------

 

LWP HEAD (from Dev2)

----------------------------------------------------------

root(at)dev2: HEAD https://dev2/

200 OK

Connection: close

Date: Mon, 19 Mar 2012 21:44:01 GMT

Server: AOLserver/4.5.1

Content-Length: 5847

Content-Type: text/html; charset=utf-8

Client-Date: Mon, 19 Mar 2012 21:44:01 GMT

Client-Peer: 192.168.3.120:443

Client-Response-Num: 1

Client-SSL-Cert-Issuer: <removed>

Client-SSL-Cert-Subject: <removed>

Client-SSL-Cipher: <removed>

Client-SSL-Warning: Peer certificate not verified

MIME-Version: 1.0

Set-Cookie: <removed>

 
[...]
Attachments:  
text.html text/html 75170 Bytes

RE: [Pound Mailing List] RE: Pound private services
Joe Gooch <mrwizard(at)k12system.com>
2012-03-20 15:28:46 [ FULL ]
I think itís more important to note that when you run the LWP command, it
returns all the Client-SSL headers in the response.  Which tells me you made an
SSL connection.

Those headers arenít in the firefox response from your workstation, which leads
me to believe firefox, for whatever reason, isnít making a SSL connection.  OR,
firefox is making a SSL connection and is being redirected. (probably by your
AOLServer backend)

From your workstation are you sure if you ping dev2 it returns 192.168.3.120?

Try using telnet and openssl.
i.e.

telnet 192.168.3.120 80
GET / HTTP/1.0
Host: dev2
<enter>

After the last enter, you should receive the headers back.  (In this
configuration, 503 service unavailable)

SSL connection: (win binaries at
www.slproweb.com/products/Win32OpenSSL.html<http://www.slproweb.com/products/Win32OpenSSL.html>
)

openssl s_client Ėconnect 192.168.3.120:443
GET / HTTP/1.0
Host: dev2
<enter>

I would suspect in this configuration youíd see a response similar to what you
saw with LWP.

Firefox in your configuration seems to me like itís going through a proxy,
being redirected, or doing something else not represented in your test case.  
(Because I know I canít reproduce the behavior youíre seeing)

Sometimes redirects cause these thingsÖ for instance https://dev2/directory  and https://dev2/directory/  are *not* the sameÖ
most servers will fire a redirect.  Thought being:
https://dev2/directory
AOLServer sees HTTP connection on 8080 or 8068, sends redirect to http://dev2:8080/directory/ or worse http://dev2/directory/   (see RewriteLocation
directive)
Browser redirects as instructed
You receive a 503 error

Are you sure something like that isnít happening?
Joe


From: Shane Chambers [mailto:schambers(at)myriad-development.com]
Sent: Monday, March 19, 2012 5:48 PM
To: pound(at)apsis.ch
Subject: ***SPAM*** RE: [Pound Mailing List] RE: Pound private services

Hi Joe,

In the configuration below I have the redirect commented out of the ListenHTTP,
and all of the services as private within the ListenHTTPS.  As you can see in
the captured headers (FROM FIREFOX) at the bottom, the only thing that comes
back in this case is a ď503 Service Unavailable.Ē

However, if I use LWPís GET, or curl to retrieve the page from on Dev2 itself,
I actually get the page as if nothing was wrong?

Mar 19 21:38:20 dev2 pound: (b7b5eb90) e503 no service "GET / HTTP/1.1" from
192.168.1.154 192.168.3.120
Mar 19 21:38:32 dev2 pound: 192.168.3.120 GET / HTTP/1.1 - HTTP/1.1 200 OK
(dev2/- -> 192.168.3.120:81) 0.008 sec

Above is the two different entries from the messages file.  They are both
asking for the same thing (https://dev2<https://dev2/>)
however, the first come from my workstation, and the second come from Dev2
itself.  This is getting more bizarre, why would it work on the system, and not
off the system?  This canít be a network issue, obviously from the log they are
asking for the same thing, but getting two different responses.

Thanks,
Shane Chambers

Configuration
----------------------------------------------------------
root(at)dev2: cat /etc/pound.cfg
User        "nobody"
Group       "nobody"
RootJail    "/var/pound/jail"
Alive       15
Client      15
TimeOut     300
Grace       10
LogFacility     local6
LogLevel        2
Control         "/var/run/pound.control"

# Main listening ports
ListenHTTP
    Address 192.168.3.120
    Port    80
        MaxRequest 10485760
    xHTTP       0


#       Service
#               Redirect "https://dev2"
#       End
End

ListenHTTPS
    Address 192.168.3.120
    Port    443
        MaxRequest 10485760
    Cert    "/etc/pki/tls/certs/<removed>"
    xHTTP       0

        Service
                IgnoreCase 1
                URL "^\/*\/<removed>"
                BackEnd
                        Address 192.168.3.120
                        Port 8080
                End
        End
        Service
                IgnoreCase 1
                URL "^\/*\/<removed>"
                BackEnd
                        Address 192.168.3.120
                        Port 8068
                End
        End
        Service
                BackEnd
                        Address 192.168.3.120
                        Port 81
                End
        End

End

Poundctl display current configuration
----------------------------------------------------------
root(at)dev2: poundctl -c /var/run/pound.control
  0. http Listener 192.168.3.120:80 a
  1. HTTPS Listener 192.168.3.120:443 a
    0. Service active (5)
      0. Backend 192.168.3.120:8080 active (5 0.000 sec) alive
    1. Service active (5)
      0. Backend 192.168.3.120:8068 active (5 0.000 sec) alive
    2. Service active (5)
      0. Backend 192.168.3.120:81 active (5 0.000 sec) alive
 -1. Global services


FireFox Headers
----------------------------------------------------------
https://dev2/

GET / HTTP/1.1
Host: dev2
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:11.0) Gecko/20100101 Firefox/11.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

HTTP/1.0 503 Service Unavailable
Content-Type: text/html
Content-Length: 53
Expires: now
Pragma: no-cache
Cache-Control: no-cache,no-store
----------------------------------------------------------

LWP HEAD (from Dev2)
----------------------------------------------------------
root(at)dev2: HEAD https://dev2/
200 OK
Connection: close
Date: Mon, 19 Mar 2012 21:44:01 GMT
Server: AOLserver/4.5.1
Content-Length: 5847
Content-Type: text/html; charset=utf-8
Client-Date: Mon, 19 Mar 2012 21:44:01 GMT
Client-Peer: 192.168.3.120:443
Client-Response-Num: 1
Client-SSL-Cert-Issuer: <removed>
Client-SSL-Cert-Subject: <removed>
Client-SSL-Cipher: <removed>
Client-SSL-Warning: Peer certificate not verified
MIME-Version: 1.0
Set-Cookie: <removed>
[...]
Attachments:  
text.html text/html 65820 Bytes

MailBoxer