Server Fault Asked by gm777 on January 30, 2021
I am unable to redirect HTTP to HTTPS using Apache due to us having more than one proxy in between the client and the server.
HTTPS is being terminated on an internet facing load balancer, all other devices (including the Apache server serving the requests) are using HTTP.
I can see that all Apache looks at is the X-Forwarded-Proto of the last proxy in the chain, which is HTTP.
How can I force it to look at the real X-Forwarded-Proto header (of the remote client)?
For redirections coming from the http backend the only directive you should be concerned about in the reverse proxy is:
ProxyPassReverse
If a redirection comes from a chain of reverse proxied backends, no matter what they send, if you had a ProxyPassReverse directive in place for any internal name, Apache will change the host in the Location and the scheme (http/s) as the client sent it originally.
The good thing is ProxyPassReverse can be specified as many times as necessary.
So for example, if your reverse proxy hosts the public https://main.example.com and you have a miriad of backends behind sending you redirects like:
Location: http://something.example.com/somesome
Location: http://otherthing.internal.example.com/heresomething/jkjljl.whatever
Location: http://deepdowninthechain.some.exampe.com/therethere/there/there
All you have to do is add:
ProxyPassReverse / http://something.example.com/
ProxyPassReverse / http://otherthing.internal.example.com/
ProxyPassReverse / http://deepdowninthechain.some.exampe.com/
And Apache HTTPD will return all those Location headers to what the original client requested: https://main.example.com/whatever...
Answered by ezra-s on January 30, 2021
Get help from others!
Recent Questions
Recent Answers
© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP