0
We are using Network level Loadbalancer, which redirects all the http calls to https.
The site hosting is configured where our SSL certificates are installed on the load balancer rather than in Apache Proxy (SSL offloading).
Apache web server is used only as a reverse proxy(via mod_proxy).
This results in the traffic between the load balancer and the Apache Proxy taking place over HTTP (unencrypted).
Flow :
1. http://example.com (hit on browser)
2. https://example.com (redirection via LB)
3. https://example.com (hit on browser)
4. http://example.com/uri (Apache web server via mod_rewrite)
(The issue is that Apache Proxy is unaware that the original protocol was HTTPS and sends back an HTTP reference.)
5. https://example.com/uri (Load Balancer again redirects it to https).
The combination of SSL offloading and the reverse proxy rewriting the URL (only once) is resulting in the initial request to the application to flap between HTTP and HTTPS twice.
Workaround tried : RequestHeader set X-Forwarded-Proto https (No luck).
mayank arora
Posted 2019-10-17T10:42:52.620
Reputation: 1
1Where is the question ? – binarym – 2019-10-17T11:13:40.150
They might want their Apache Web-Server to be working strictly on H.T.T.P., I cannot imagine why. – None – 2019-10-17T12:18:18.027