Clint Dilks
2015-Oct-01 03:22 UTC
[CentOS] Off Topic - SSL reverse proxy and Mixed Content
Hi,
Not a CentOS specific issue, but I am a bit stuck as where I might ask for
help so if anyone has any ideas please share :)
I have a site that I want to work behind a reverse proxy (httpd) if using
http:// everything works as expected. If using https:// some content is
displayed but some content is blocked because of stylesheets and etc being
requested via http rather https.
I know that the long term solution should be to get all code changed so
that it references
//myserver/resource or /resource rather than http://myserver/resource but
is there anything I can do with httpd to get this working until these
changes are made ?
Thanks for any suggestions. Below is my current VirtualHost config
ProxyRequests On
ProxyPreserveHost On
ProxyTimeout 300
<Proxy *>
Order allow,deny
Allow from all
</Proxy>
ProxyPass / http://myserver/
ProxyPassReverse / http://myserver/
Gordon Messmer
2015-Oct-06 06:46 UTC
[CentOS] Off Topic - SSL reverse proxy and Mixed Content
On 09/30/2015 08:22 PM, Clint Dilks wrote:> I have a site that I want to work behind a reverse proxy (httpd) if using > http:// everything works as expected. If using https:// some content is > displayed but some content is blocked because of stylesheets and etc being > requested via http rather https. > > I know that the long term solution should be to get all code changed so > that it references > //myserver/resource or /resource rather than http://myserver/resource but > is there anything I can do with httpd to get this working until these > changes are made ?I don't think so. It sounds like the "block" you're describing is client-side. Your browser, by default, may block mixed content. Otherwise, if you have working reverse proxies for http and https, there shouldn't be a problem.> Thanks for any suggestions. Below is my current VirtualHost config > > ProxyRequests On > ProxyPreserveHost On > ProxyTimeout 300 > <Proxy *> > Order allow,deny > Allow from all > </Proxy>That is a severe security problem. In a reverse proxy setup, ProxyRequests should be off, and the Proxy allow/deny section isn't needed at all.
Clint Dilks
2015-Oct-06 20:00 UTC
[CentOS] Off Topic - SSL reverse proxy and Mixed Content
On Tue, Oct 6, 2015 at 7:46 PM, Gordon Messmer <gordon.messmer at gmail.com> wrote:> On 09/30/2015 08:22 PM, Clint Dilks wrote: > >> I have a site that I want to work behind a reverse proxy (httpd) if using >> http:// everything works as expected. If using https:// some content is >> displayed but some content is blocked because of stylesheets and etc being >> requested via http rather https. >> >> I know that the long term solution should be to get all code changed so >> that it references >> //myserver/resource or /resource rather than http://myserver/resource but >> is there anything I can do with httpd to get this working until these >> changes are made ? >> > > I don't think so. It sounds like the "block" you're describing is > client-side. Your browser, by default, may block mixed content. >> Otherwise, if you have working reverse proxies for http and https, there > shouldn't be a problem. > >Morning, thanks for the feedback. As far as I can see most browsers are now blocking Mixed Content by default> Thanks for any suggestions. Below is my current VirtualHost config >> >> ProxyRequests On >> ProxyPreserveHost On >> ProxyTimeout 300 >> <Proxy *> >> Order allow,deny >> Allow from all >> </Proxy> >> > > That is a severe security problem. In a reverse proxy setup, > ProxyRequests should be off, and the Proxy allow/deny section isn't needed > at all. > >Thanks for spotting the ProxyRequests On, I knew this was supposed to be Off but obliviously made a typo and didn't spot it. Now to go and double check that I haven't done this other places that I shouldn't.> _______________________________________________ > CentOS mailing list > CentOS at centos.org > https://lists.centos.org/mailman/listinfo/centos >