Rewriting/enforcing SSL behing an SSL termination point
Per Buer
perbu at varnish-software.com
Fri Dec 9 09:48:48 CET 2011
On Fri, Dec 9, 2011 at 8:08 AM, Jason Farnsworth <jason at pethub.com> wrote:
> We are hosted on Amazon Web Services and all SSL termination is done by an
> Elastic Load Balancer. So all I'm looking to do is re-write URLs like
> this
>
> http://domain.com -> https://www.domain.com
> http://www.domain.com -> https://www.domain.com
> https://domain.com -> https://www.domain.com
Varnish will not rewrite the actual content coming from the backend. We can
however, _redirect_ the client whenever they ask for a http:// URL.
We use the following code on varnish-cache.org to do this:
in vcl_recv:
if ( (req.http.host ~ "(?i)www.varnish-cache.org") && !(client.ip ~
localhost)) {
set req.http.x-redir-url = "https://" + req.http.host + req.url;
error 750 req.http.x-redir-url;
}
(..)
sub vcl_error {
# standard redirection in VCL:
if (obj.status == 750) {
set obj.http.Location = obj.response;
set obj.status = 302;
return(deliver);
}
}
Since we have an SSL terminator in front of Varnish client.ip is localhost
when there is SSL present. You might want to change the code to test
X-Forwarded-Proto
for whatever it is set to.
--
Per Buer, CEO
Phone: +47 21 98 92 61 / Mobile: +47 958 39 117 / Skype: per.buer
*Varnish makes websites fly!*
Whitepapers <http://www.varnish-software.com/whitepapers> |
Video<http://www.youtube.com/watch?v=x7t2Sp174eI> |
Twitter <https://twitter.com/varnishsoftware>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.varnish-cache.org/lists/pipermail/varnish-misc/attachments/20111209/2b8a3620/attachment-0003.html>
More information about the varnish-misc
mailing list