Thanks for the response. I spent my time initially focusing on the proxy until I found similar questions on the Squid mailing list that pointed to the backend server as the problem. The access logs for apache seem to correspond to what I described. I just ran a test a moment ago and this is final entry I see in the logs:
10.0.0.6 - - [29/Jun/2012:01:31:41 -0500] "POST /administrator/index.php HTTP/1.0" 303 428 "https://www.mydomain.com/administrator/"; "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:13.0) Gecko/20100101 Firefox/13.0.1" The connection was made via plain http, but the URI in the HTTP header is passed with the https intact. Monitoring in the browser, I can now see that it is receiving a 301 Moved Permanently response. I'm trying to configure the logs so that I can confirm whether this is generated by Apache or not. Any tips? Clinton On Thursday, June 28, 2012 at 10:07 PM, Igor Cicimov wrote: > Hmmm this > > > - apache changes the url to http://www.mydomain.com/administrator/. > > (http://www.mydomain.com/administrator/).. > > doesn't make sense to me in your scenario. Since you are offloading the SSL > on the proxy all the communication between the proxy and apache is over HTTP > not SSL. So the request already comes to apache as http://... Then Squid > should send that back to the client via SSL. Looks like reverse proxy issue > to me. In apache as reverse proxy you need to have something like: > > ProxyRequest off > ProxyPass / http://apache/ > ProxyPassReverse / http://apache/ > > I'm not sure about Squid as I've never used it. > > Igor > > On Fri, Jun 29, 2012 at 1:28 PM, Clinton J. Campbell > <[email protected] (mailto:[email protected])> wrote: > > I've been searching archives and other forums, and though I've found others > > who have asked similar questions, I haven't found a solution yet. > > > > I currently have an Apache server that sits behind a Squid Reverse Proxy. > > The Apache server runs two virtual hosts, a Joomla website and a WebDav > > directory for file sharing with customers. The Squid proxy serves several > > functions, including enforcing the requirement that any sensitive pages are > > served to the user over SSL. > > > > When running unencrypted, everything works fine. Squid forwards the request > > to Apache and the response to the user. However, when the user tries to > > connect via SSL, things start to fall apart behind the scenes. I'll > > illustrate with a typical scenario: > > > > - user enters https://www.mydomain.com/administrator to access Joomla > > administration page > > - connection succeeds and user is presented with login page > > - user enters credentials and submits > > - apache changes the url to http://www.mydomain.com/administrator/... > > - connection fails > > > > In some cases, I can manually change the URL back and proceed to access > > most parts of the site. Some functionality remains broken. Moreover, this > > problem completely breaks WebDav access on Windows clients. > > > > I've tried a variety of configurations on the proxy to work around or avoid > > the problem; however, I've had no luck. The optimal solution would be to > > find a way to keep Apache from rewriting the URL, but I've not been able to > > track down a configuration that accomplishes this. Any suggestions? > > > > Thanks in advance! > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [email protected] > > (mailto:[email protected]) > > For additional commands, e-mail: [email protected] > > (mailto:[email protected]) > --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
