Solved

Rewriting Apache response headers during redirect

Posted on 2008-10-23
6
1,349 Views
Last Modified: 2012-05-05
My client has a setup whereby they have just moved their application server into a DMZ. At the front-end they have an SSL-offloader which accepts SSL requests and converts to HTTP requests which are then forwarded onto the Java application.

This works fine except when the application send a redirect to the browser. The redirect is to an HTTP URL which is ignored by the SLL-offloader.

I'm looking for a solution not involving rewriting any of the application code. The application is hosted on Tomcat with Apache at the front-end. My proposed solution is to use Apache to rewrite the response header so http becomes https. I'm sure this can be done but I'm struggling with the implementation.

The things I know so far
- I want to rewrite the location value
- I can use mod_headers to set the new value in the header
- I could possibly use Perl to do the rewriting but am not familiar with Perl

Any help appreciated.
0
Comment
Question by:lloyd142
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 20

Expert Comment

by:edster9999
ID: 22785137
Do you get any errors or does it just get ignored ?
I use redirects like this and it works for me.  You just need to make sure the page that is generated has the redirect in it and that it is buffered so it can change the header before the page is sent out.
0
 

Author Comment

by:lloyd142
ID: 22785957
I don't actually know what happens at the SSL-offloader as this belongs to the client. They tell me they can't accept http requests and need another solution. I assume this means that the SSL-offloader can't rewrite the headers but I'm not sure.

When you say that you use redirects like this, do you mean that your headers are rewritten by Apache or an SSL-offloader?
0
 
LVL 20

Expert Comment

by:edster9999
ID: 22786050
The ssl offloader is an unpackager.  The requests come in from the internet as secure SSL packets.  This box unloads them and passes on the same data as port 80 requests to the web servers so it will look like this :

User --> Internet (port 443) --> ssl ofloader --> (port 80) --> web server

and back the same way.

I have exactly the same setup as this and my pages do redirects inside the code.  That goes back to the end users web browser and makes that request a new page.  
If the redirect goes to a port 80 page then you need to have a site serving this or change the redirect to port 443 (httpS)
0
Connect further...control easier

With the ATEN CE624, you can now enjoy a high-quality visual experience powered by HDBaseT technology and the convenience of a single Cat6 cable to transmit uncompressed video with zero latency and multi-streaming for dual-view applications where remote access is required.

 

Author Comment

by:lloyd142
ID: 22786356
I agree with what you're saying. I'm told by the client they can't (or don't want) to have anything open on port 80, so the redirect needs sent the user to port 443.

I don't want to do this within the application, so something needs to rewrite the header to use 443.

I was really after help with how to do this using Apache to rewrite the header. If anyone can offer any help with that I'd be most grateful
0
 
LVL 20

Expert Comment

by:edster9999
ID: 22786615
You can't.  
The update you are doing is inside the page.
If it points to port 80 you would need something to host it on that.
If you point to port 443 then that works.

The rewrite thing will not work as you only get to that after the SSL offloader and you would only get to that if you were on port 443.

Sorry.... You'll need to do one of the following
1- patch the code to use the right port
2- put up a web page on port 80 to redirect it again to port 443
3- set up a port 80 on the ssl offloader that does the redirect to port 443.

0
 

Accepted Solution

by:
lloyd142 earned 0 total points
ID: 22795672
I think you're misunderstanding my scenario here. I only need to rewrite the URL inside the response headers. I don't need to rewrite anything in the request or inside the response page. It seems rewriting the response header can be done with the ProxyPassReverse command. I'm struggling to get this to work so I'm going to start a new question asking more specifically about ProxyPassReverse.

Thanks for your suggestions so far but unfortunately it has got me no further to answering my original question, so I will close this question without awarding any points.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

On Microsoft Windows, if  when you click or type the name of a .pl file, you get an error "is not recognized as an internal or external command, operable program or batch file", then this means you do not have the .pl file extension associated with …
In Solr 4.0 it is possible to atomically (or partially) update individual fields in a document. This article will show the operations possible for atomic updating as well as setting up your Solr instance to be able to perform the actions. One major …
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
Six Sigma Control Plans

622 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question