Log in
Registration
- Welcome, visitor !
- |
- Log In | Register
- 05/20 GParted 0.12.1-5
- 05/19 LuninuX 12.00-beta2
- Chris Lawrence: cnlmisc 0.2 for R
- 05/19 Dream Studio 12.04
- Matthew Garrett: Fixing Asus UX21e unexpected power off
- Thorsten Glaser: MirBSD goes webservice – manpages and WTF‽
- Jonathan McDowell: 6 months of GNOME Shell
- Ubuntu developers: Leo Iannacone: Forum ubuntu-it gets a new theme and a new engine
- Richard Hartmann: Mongolia
- Maemo developers: Do Not Track support in Epiphany
- Pietro Abate: how to create VMs with ganeti / xen and dnsmaq
- Disk encryption in ROSA Marathon 2012
- Ubuntu developers: Francisco Molinero: Zentyal on Galapinux
- 05/19 Extix 10
- 05/19 Clonezilla 1.2.12-58
Prevent Switch from HTTPs to HTTP with Apache
The Apache web server is a very powerful application. Not only for serving static and dynamic contents, but also for aggregating data sources from other local and remote network services. Securing backend systems and integrating server applications written in Java, Perl, Python (Django) or Ruby (On Rails) are only a selection of examples for possible use-cases.
This article illustrates a trick to prevent backend applications to switch from HTTPs connections to HTTP by mistake. This effect can be observed in the context of form processing where Apache is forwarding or proxying requests to backend systems.
Hint: Please note, this recipe is valid for Apache 2.0 or newer.
Apache and Backends
The following image illustrates the network setup. As you can see the relationships between server applications are quite simple. However, it does not matter how complex your backend systems are designed. We just concentrate on the configuration of the Apache server regarding its handling of HTTPs requests.
Switch of Protcols
Especially if you are running your apache server in front of your backend systems by utilizing the HTTPs protocol, it could happen, that some distinct types of requests result in a switch of protocols to an unsecure connection. For example, even if you are using relative addresses to create links you might end up in a protocol switch when submitting form data (POST requests).
To prevent this we have to add an additional property to request headers. This will happen within the (virtual) host configuration of the apache server.
Prevent the Switch
As mentioned above, we have to add a property to the request header. Apache provides a module called mod_headers. After adding this module to your active Apache installation you will be able to modify request and response headers on-the-fly.
To do the magic to prevent the switch of protocols we have to add the property X_FORWARDED_PROTO to the request header. Please add the statement RequestHeader… to your Apache configuration file before directives that perform proxying and forwarding.
<VirtualHost *:443> #[...] # prevent delivery of http forms RequestHeader set X_FORWARDED_PROTO 'https' # example for proxying <IfModule mod_proxy.c> ProxyVia On ProxyPass .... ProxyPassReverse .... </IfModule> #[...]</VirtualHost>
That’s it. If you have got questions or suggestions, please send a message to our Support Team or just utilize our contact form.