[Koha-bugs] [Bug 25548] Package install Apache performs unnecessary redirects
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Wed May 20 02:28:02 CEST 2020
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25548
--- Comment #1 from David Cook <dcook at prosentient.com.au> ---
Also, if you have a reverse proxy in front of Apache and you proxy using HTTP
rather than HTTPS, Apache will generate fully qualified HTTP URLs for the
Redirect, which cause one of the two scenarios:
Scenario 1:
1) Client (C) requests HTTPS from Reverse Proxy (RP)
2) RP requests HTTP from Apache (A)
3) A sends HTTP redirect to RP
4) RP sends HTTP redirect to C
5) C requests HTTP from RP
Now you've just downgraded your HTTPS to HTTP by accident
Scenario 2 (Force HTTPS):
1) Client (C) requests HTTPS from Reverse Proxy (RP)
2) RP requests HTTP from Apache (A)
3) A sends HTTP redirect to RP
4) RP sends HTTP redirect to C
5) C requests HTTP to RP
6) RP sends HTTPS redirect to C
Now you've just redirected twice bouncing from HTTPS to HTTP to HTTPS for just
1 search.
--
You are receiving this mail because:
You are the assignee for the bug.
You are watching all bug changes.
More information about the Koha-bugs
mailing list