Solved

Rewriting Apache response headers during redirect

Posted on 2008-10-23
6
1,340 Views
Last Modified: 2012-05-05
My client has a setup whereby they have just moved their application server into a DMZ. At the front-end they have an SSL-offloader which accepts SSL requests and converts to HTTP requests which are then forwarded onto the Java application.

This works fine except when the application send a redirect to the browser. The redirect is to an HTTP URL which is ignored by the SLL-offloader.

I'm looking for a solution not involving rewriting any of the application code. The application is hosted on Tomcat with Apache at the front-end. My proposed solution is to use Apache to rewrite the response header so http becomes https. I'm sure this can be done but I'm struggling with the implementation.

The things I know so far
- I want to rewrite the location value
- I can use mod_headers to set the new value in the header
- I could possibly use Perl to do the rewriting but am not familiar with Perl

Any help appreciated.
0
Comment
Question by:lloyd142
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 20

Expert Comment

by:edster9999
ID: 22785137
Do you get any errors or does it just get ignored ?
I use redirects like this and it works for me.  You just need to make sure the page that is generated has the redirect in it and that it is buffered so it can change the header before the page is sent out.
0
 

Author Comment

by:lloyd142
ID: 22785957
I don't actually know what happens at the SSL-offloader as this belongs to the client. They tell me they can't accept http requests and need another solution. I assume this means that the SSL-offloader can't rewrite the headers but I'm not sure.

When you say that you use redirects like this, do you mean that your headers are rewritten by Apache or an SSL-offloader?
0
 
LVL 20

Expert Comment

by:edster9999
ID: 22786050
The ssl offloader is an unpackager.  The requests come in from the internet as secure SSL packets.  This box unloads them and passes on the same data as port 80 requests to the web servers so it will look like this :

User --> Internet (port 443) --> ssl ofloader --> (port 80) --> web server

and back the same way.

I have exactly the same setup as this and my pages do redirects inside the code.  That goes back to the end users web browser and makes that request a new page.  
If the redirect goes to a port 80 page then you need to have a site serving this or change the redirect to port 443 (httpS)
0
U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

 

Author Comment

by:lloyd142
ID: 22786356
I agree with what you're saying. I'm told by the client they can't (or don't want) to have anything open on port 80, so the redirect needs sent the user to port 443.

I don't want to do this within the application, so something needs to rewrite the header to use 443.

I was really after help with how to do this using Apache to rewrite the header. If anyone can offer any help with that I'd be most grateful
0
 
LVL 20

Expert Comment

by:edster9999
ID: 22786615
You can't.  
The update you are doing is inside the page.
If it points to port 80 you would need something to host it on that.
If you point to port 443 then that works.

The rewrite thing will not work as you only get to that after the SSL offloader and you would only get to that if you were on port 443.

Sorry.... You'll need to do one of the following
1- patch the code to use the right port
2- put up a web page on port 80 to redirect it again to port 443
3- set up a port 80 on the ssl offloader that does the redirect to port 443.

0
 

Accepted Solution

by:
lloyd142 earned 0 total points
ID: 22795672
I think you're misunderstanding my scenario here. I only need to rewrite the URL inside the response headers. I don't need to rewrite anything in the request or inside the response page. It seems rewriting the response header can be done with the ProxyPassReverse command. I'm struggling to get this to work so I'm going to start a new question asking more specifically about ProxyPassReverse.

Thanks for your suggestions so far but unfortunately it has got me no further to answering my original question, so I will close this question without awarding any points.
0

Featured Post

Major Incident Management Communications

Major incidents and IT service outages cost companies millions. Often the solution to minimizing damage is automated communication. Find out more in our Major Incident Management Communications infographic.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
instanceof  operator in java 26 112
.htaccess file settings 4 73
Apache/PHP: Cannot make phpinfo() and phpmyadmin work 4 67
Can't connect to WAMP server 5 87
Introduction As you’re probably aware the HTTP protocol offers basic / weak authentication, which in combination with the relevant configuration on your web server, provides the ability to password protect all or part of your host.  If you were not…
A year or so back I was asked to have a play with MongoDB; within half an hour I had downloaded (http://www.mongodb.org/downloads),  installed and started the daemon, and had a console window open. After an hour or two of playing at the command …
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question