开发者

HTTPS Header Redirect Not Working with PHP

开发者 https://www.devze.com 2023-01-17 01:50 出处:网络
I have a load balanced dev site that I\'m working out bugs for SSL on and I have ran into one last very annoying issue.On some pages I need to force it to SSL so easy enough, I just wanted to create a

I have a load balanced dev site that I'm working out bugs for SSL on and I have ran into one last very annoying issue. On some pages I need to force it to SSL so easy enough, I just wanted to create a

header ("Location: https://ww开发者_JAVA百科w.example.com/mypage.php");

I thought that was easy enough and no worries. However, every time I do this it transforms it back to http. Well as you can figure it creates an endless loop that can't be resolved. I can't figure out how to keep that https in there so that it will pull the secure version of the page. If I navigate directly to the secure page with https it works just fine. The only issue is on this redirect.

Any help would be awesome! I'm using POUND as a load balance proxy. Apache on the web-server nodes. The SSL cert is setup at the Load Balancer.


When loadbalancing, 'internal' SSL usually goes out the door: Clients connect through a load-balancer with which you can do SSL encryption, but behind that in most loadbalancers I've seen is plain 'HTTP'. Try to get your loadbalancer to set a custom header to you indicating that there is a HTTPS connection between loadbalancer & client.

From http://www.apsis.ch/pound/index_html

WHAT POUND IS: ... an SSL wrapper: Pound will decrypt HTTPS requests from client browsers and pass them as plain HTTP to the back-end servers.

And from more manual pages:

HTTP Listener RewriteLocation 0|1|2
If 1 force Pound to change the Location: and Content-location: headers in responses. If they point to the back-end itself or to the listener (but with the wrong protocol) the response will be changed to show the virtual host in the request. Default: 1 (active). If the value is set to 2 only the back-end address is compared; this is useful for redirecting a request to an HTTPS listener on the same server as the HTTP listener.


redirecting to https pages is no problem. you can check for the port, scheme or server variable (probably server variable is the best) to see if https is on, and have it as a condition for redirecting

$_SERVER['SERVER_PORT'] == 443 
parse_url($_SERVER['REQUEST_URI'],PHP_URL_SCHEME) == 'https'
$_SERVER['HTTPS'] == 'on'

but as you have an infinite loop there must be something else wrong!


try using the load blancer "balance" instead. it only takes about 5 minutes to set up, and instead of proxying, will do "real" load balancing. I would guess your proxy is currently redirecting https requests to the http address. Try making a request without using the balancer. you can do this by setting up the host name in your /etc/hosts file to point directly to a server instead of to the load balancer's IP

0

精彩评论

暂无评论...
验证码 换一张
取 消