|
Home > Archive > Apache Server configuration support > January 2005 > SSL Reverse Proxy to non-SSL WebLogic server gets redirected to http (non-SSL)
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
SSL Reverse Proxy to non-SSL WebLogic server gets redirected to http (non-SSL)
|
|
| mike.gillan@gmail.com 2005-01-18, 8:55 pm |
| Hello,
I'm trying to use Apache as a secure reverse proxy in front of WebLogic
in order to encrypt the data between the client and server. The traffic
flow should look like this:
Client <---SSL---> Apache <---HTTP---> WebLogic
So the client makes the request to https://securesite.domain.com,
Apache handles the SSL handshake and properly forwards the request to
WebLogic, at http://appserver.domain.com:port. Unfortunately as soon as
the request makes it to WebLogic, a "302 Moved Temporarily" response is
returned, with a Location header "Location:
http://appserver.domain.com:port/index.jsp" (This is just the web app
sending the client to the welcome page.) I have a rewrite rule that
correcly translates "appserver.domain.com:port" to
"securesite.domain.com", but the problem is the final destination that
is sent to the client is http://securesite.domain.com/index.jsp
(Non-SSL). Since there is nothing listening on port 80, this breaks.
Here is the config file I'm using (directories abbreviated with ...,
but they are actaully real directories):
#------------------------------------------------------------------------
# securesite.domain.com
# Description: Shared intranet development environment
# - Listens on port 443 (SSL)
# - Handles secure traffice for the shared intranet
#------------------------------------------------------------------------
Listen <IPaddress>:443
<VirtualHost <IPaddress>:443>
ServerName securesite.domain.com
ServerAdmin admin@email.com
DocumentRoot /apps/apache2/...
RewriteEngine On
#---------------------------------------------------------------------
# Infrastructure Component: SSL Configuration
# Owner: WHS - Mike Gillan
# URI Pattern(s): N/A
#---------------------------------------------------------------------
SSLEngine on
SSLProtocol SSLv3
SSLCipherSuite HIGH:+MEDIUM
SSLCACertificateFile /apps/apache2/.../root.cer
SSLCertificateFile /apps/apache2/.../securesite.crt
SSLCertificateKeyFile /apps/apache2/.../securesite.key
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
#--- End SSL Configuration ---
#---------------------------------------------------------------------
# Application: Secure WebLogic Reverse Proxy
# Owner: ***
# URI Pattern(s): /application
#---------------------------------------------------------------------
RewriteRule ^/application(.*) http://appserver.domain.com:port$1
[P,NC]
ProxyPassReverse /application http://appserver.domain.com:port
#--- End SWRP ---
</VirtualHost>
#--- End securesite.domain.com
------------------------------------------
I could setup a proxy there to rewrite ^/(.*) to https, but this breaks
the SSL security as requests (particulary POST requests) will first be
sent in clear HTTP before being rewritten to HTTPS...
Does anyone know how I can get that destination location to be HTTPS
instead of HTTP? I'm at a loss! Thanks very much in advance for any
help!!!
Mike Gillan
mike.gillan@gmail.com
| |
| mike.gillan@gmail.com 2005-01-20, 7:54 am |
| Hi Ge0rge,
Thanks so much for the reply. I posted a response the next day but it
looks like it got lost, so here it goes again!
You're absolutely right. The way I imagined the sequence of events was
incorrect. After reading your reply, I realize that when the user
requests (for example) http://securesite/login.jsp, Apache will step in
and redirect them to https://securesite/login.jsp... they cannot POST
to the page until they've received it, and therefore the post will be
https. Thanks very much for pointing that out... I implemented it, and
although it's not the most elegant solution, it's working!!!
Kind regards,
Mike Gillan
| |
| ge0rge 2005-01-20, 5:59 pm |
|
<mike.gillan@gmail.com> wrote in message
news:1106229232.773366.327420@f14g2000cwb.googlegroups.com...
> Hi Ge0rge,
>
> Thanks so much for the reply. I posted a response the next day but it
> looks like it got lost, so here it goes again!
>
> You're absolutely right. The way I imagined the sequence of events was
> incorrect. After reading your reply, I realize that when the user
> requests (for example) http://securesite/login.jsp, Apache will step in
> and redirect them to https://securesite/login.jsp... they cannot POST
> to the page until they've received it, and therefore the post will be
> https. Thanks very much for pointing that out... I implemented it, and
> although it's not the most elegant solution, it's working!!!
> Kind regards,
> Mike Gillan
>
No problem. I did see your previous response. It is just your NG server
that's not displaying your previous posting.
Anyway, you did all the thinking. I only clarified the sequence and I do
think it is an elegant solution.
All the best
|
|
|
|
|