Solved

Rewriting Apache response headers during redirect

Posted on 2008-10-23
6
1,332 Views
Last Modified: 2012-05-05
My client has a setup whereby they have just moved their application server into a DMZ. At the front-end they have an SSL-offloader which accepts SSL requests and converts to HTTP requests which are then forwarded onto the Java application.

This works fine except when the application send a redirect to the browser. The redirect is to an HTTP URL which is ignored by the SLL-offloader.

I'm looking for a solution not involving rewriting any of the application code. The application is hosted on Tomcat with Apache at the front-end. My proposed solution is to use Apache to rewrite the response header so http becomes https. I'm sure this can be done but I'm struggling with the implementation.

The things I know so far
- I want to rewrite the location value
- I can use mod_headers to set the new value in the header
- I could possibly use Perl to do the rewriting but am not familiar with Perl

Any help appreciated.
0
Comment
Question by:lloyd142
  • 3
  • 3
6 Comments
 
LVL 20

Expert Comment

by:edster9999
ID: 22785137
Do you get any errors or does it just get ignored ?
I use redirects like this and it works for me.  You just need to make sure the page that is generated has the redirect in it and that it is buffered so it can change the header before the page is sent out.
0
 

Author Comment

by:lloyd142
ID: 22785957
I don't actually know what happens at the SSL-offloader as this belongs to the client. They tell me they can't accept http requests and need another solution. I assume this means that the SSL-offloader can't rewrite the headers but I'm not sure.

When you say that you use redirects like this, do you mean that your headers are rewritten by Apache or an SSL-offloader?
0
 
LVL 20

Expert Comment

by:edster9999
ID: 22786050
The ssl offloader is an unpackager.  The requests come in from the internet as secure SSL packets.  This box unloads them and passes on the same data as port 80 requests to the web servers so it will look like this :

User --> Internet (port 443) --> ssl ofloader --> (port 80) --> web server

and back the same way.

I have exactly the same setup as this and my pages do redirects inside the code.  That goes back to the end users web browser and makes that request a new page.  
If the redirect goes to a port 80 page then you need to have a site serving this or change the redirect to port 443 (httpS)
0
The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

 

Author Comment

by:lloyd142
ID: 22786356
I agree with what you're saying. I'm told by the client they can't (or don't want) to have anything open on port 80, so the redirect needs sent the user to port 443.

I don't want to do this within the application, so something needs to rewrite the header to use 443.

I was really after help with how to do this using Apache to rewrite the header. If anyone can offer any help with that I'd be most grateful
0
 
LVL 20

Expert Comment

by:edster9999
ID: 22786615
You can't.  
The update you are doing is inside the page.
If it points to port 80 you would need something to host it on that.
If you point to port 443 then that works.

The rewrite thing will not work as you only get to that after the SSL offloader and you would only get to that if you were on port 443.

Sorry.... You'll need to do one of the following
1- patch the code to use the right port
2- put up a web page on port 80 to redirect it again to port 443
3- set up a port 80 on the ssl offloader that does the redirect to port 443.

0
 

Accepted Solution

by:
lloyd142 earned 0 total points
ID: 22795672
I think you're misunderstanding my scenario here. I only need to rewrite the URL inside the response headers. I don't need to rewrite anything in the request or inside the response page. It seems rewriting the response header can be done with the ProxyPassReverse command. I'm struggling to get this to work so I'm going to start a new question asking more specifically about ProxyPassReverse.

Thanks for your suggestions so far but unfortunately it has got me no further to answering my original question, so I will close this question without awarding any points.
0

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Apache Virtual Hosts in Ubuntu 16.04 ignoring config for non SSL traffic 9 69
whm high memory usage in processes 7 102
.htaccess file settings 4 62
read an xml file in perl 2 49
There are many situations when we need to display the data in sorted order. For example: Student details by name or by rank or by total marks etc. If you are working on data driven based projects then you will use sorting techniques very frequently.…
In the distant past (last year) I hacked together a little toy that would allow a couple of Manager types to query, preview, and extract data from a number of MongoDB instances, to their tool of choice: Excel (http://dilbert.com/strips/comic/2007-08…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…

789 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question