How to accept both SSL & non SSL connections based on extensions?

Praseed
23 March 2010, 01:13

Hiawatha version: 6.14.1
Operating System: Linux 2.6.18

Hi,

Here is my situation.
I want all connections to extension "special_ssl" to get redirected to "special.fcgi" using SSL
(which is already working fine; attached the conf file), and
any connections to "special" to get directed to the same "special.fcgi", NOT using SSL (normal HTTP).

How do I do this?

Thanks
Praseed

# Hiawatha main configuration file
#
# Development config file:
# - Enable FastCGIserver for default website
#

# GENERAL SETTINGS
#
ConnectionsTotal = 150
ConnectionsPerIP = 10
SystemLogfile = /dev/null
GarbageLogfile = /dev/null

# BINDING SETTINGS
# A binding is where a client can connect to
#
Binding {
    Port = 443
    SSLcertFile = /var/webdmn/ssl_cert/ssl_pub_cert_complete.pem
    # Port = 80
    # Interface = 127.0.0.1
    MaxKeepAlive = 30
    TimeForRequest = 3,20
}

# CGI server on local machine only
# FCGI1 connects to port 2005
FastCGIserver {
    FastCGIid = FCGI1
    ConnectTo = 127.0.0.1:2005
    Extension = fcgi
    SessionTimeout = 30
}

UrlToolkit {
    ToolkitID = to_fcgi
    RequestURI isfile Return
    Match ^/www/special_ssl Rewrite /special.fcgi
}

Hostname = 127.0.0.1
WebsiteRoot = /mnt/drivers/webdmn/www/hiawatha
AccessLogfile = /mnt/drivers/webdmn/log/hiawatha/access.log
ErrorLogfile = /mnt/drivers/webdmn/log/hiawatha/error.log
UseFastCGI = FCGI1
TimeForCGI = 20
UseToolkit = to_fcgi


Hugo Leisink
23 March 2010, 08:49
UrlToolkit {
    ToolkitID = to_fcgi
    RequestURI isfile Return
    Match ^/www/special_ssl Rewrite /special.fcgi
    Match ^/www/special Redirect http://127.0.0.1/special.fcgi
}

Praseed
23 March 2010, 15:50
Thanks Hugo...
Let me try what you said.
Is there anything I should do in the binding section to accept HTTP connection?

Wishes
Praseed

Hugo Leisink
23 March 2010, 15:53
You should add an HTTP binding:

Binding {
    Port = 80
    MaxKeepAlive = 30
    TimeForRequest = 3,20
}

Binding {
    Port = 443
    SSLcertFile = /var/webdmn/ssl_cert/ssl_pub_cert_complete.pem
    MaxKeepAlive = 30
    TimeForRequest = 3,20
}

Praseed
23 March 2010, 21:30
Match ^/www/special Redirect http://127.0.0.1/special.fcgi
is returning 301 to the browser.

Instead of that, is it possible to have something like "Rewrite", which takes care of everything internally
within the Hiawatha webserver itself?

Hugo Leisink
23 March 2010, 21:49
A rewrite won't change the connection type (SSL or no SSL). You need a redirect (301) for that.

Praseed
23 March 2010, 22:39

OK, thanks Hugo..
So is it something up to the client/browser to decide how to handle the redirect?

I've another concern too.
As the URL rewrite based on extension has got nothing to do with connection type (SSL or no SSL),
and as I added the binding for both port 80 & 443, the server is accepting requests on
^/www/special & ^/www/special_ssl (then rewrite to special.fcgi), which is breaking the purpose of SSL.
So how can I do a proper configuration to accept only SSL connections on ^/www/special_ssl
& non-SSL on ^/www/special?
Is it possible? Or any workaround using VirtualHost, toolkit etc.?
Please help me figure out a solution.

Regards
Praseed

Here is my modified conf file
# Hiawatha main configuration file
#
# Development config file:
# - Enable FastCGIserver for default website
#

# GENERAL SETTINGS
#
ConnectionsTotal = 150
ConnectionsPerIP = 10
SystemLogfile = /dev/null
GarbageLogfile = /dev/null

# BINDING SETTINGS
# A binding is where a client can connect to
#

Binding {
    Port = 80
    MaxKeepAlive = 30
    TimeForRequest = 3,20
}

Binding {
    Port = 443
    SSLcertFile = /var/webdmn/ssl_cert/ssl_pub_cert_complete.pem
    # Port = 80
    # Interface = 127.0.0.1
    MaxKeepAlive = 30
    TimeForRequest = 3,20
}

# CGI server on local machine only
# FCGI1 connects to port 2005
FastCGIserver {
    FastCGIid = FCGI1
    ConnectTo = 127.0.0.1:2005
    Extension = fcgi
    SessionTimeout = 30
}

UrlToolkit {
    ToolkitID = to_fcgi
    RequestURI isfile Return
    Match ^/www/special_ssl Rewrite /special.fcgi
    Match ^/www/special Redirect http://127.0.0.1/special.fcgi
}

Hostname = 127.0.0.1
WebsiteRoot = /mnt/drivers/webdmn/www/hiawatha
AccessLogfile = /mnt/drivers/webdmn/log/hiawatha/access.log
ErrorLogfile = /mnt/drivers/webdmn/log/hiawatha/error.log
UseFastCGI = FCGI1
TimeForCGI = 20
UseToolkit = to_fcgi

Praseed
24 March 2010, 17:27
I'm stuck.
Eagerly waiting for some response. :-)

Praseed

Hugo Leisink
24 March 2010, 22:16
> So is it something up to the client/browser to decide how to handle the redirect?

I don't think I understand what you mean. Anyway, using rewrites doesn't change the connection type (SSL or non-SSL). After a rewrite, the processing of a request continues and the connection type stays the same. Via a redirect, you can tell the client to resend the request via a new connection. This new connection can be of a different type, which is what you want.

> So how can I do a proper configuration to accept only SSL connections on ^/www/special_ssl & non-SSL on ^/www/special?

You can't. You cannot prevent a client from sending a request via an available port. The only thing you can do is reject the request, or send a redirect.
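
The choice Hugo describes (reject the request, or send a redirect), as an added example that is not part of the original thread and is not Hiawatha code: a Python model contrasting a transport-blind rewrite with a per-path transport check. The function names, the rule table and the choice to redirect to the same URI on the other scheme are assumptions; the host and ports are the ones from the thread's configs.

```python
import re

# Constructed rules for the two URL prefixes from the thread. The longer prefix
# comes first and both end at a path boundary, because "^/www/special" alone
# also matches "/www/special_ssl".
RULES = [
    (re.compile(r"^/www/special_ssl(?:/|$)"), True),   # must arrive over TLS
    (re.compile(r"^/www/special(?:/|$)"), False),      # must arrive over plain HTTP
]
TARGET = "/special.fcgi"  # internal rewrite target used in the thread


def _origin(tls, host, port):
    """Build scheme://host[:port], omitting the scheme's default port."""
    scheme, default = ("https", 443) if tls else ("http", 80)
    return f"{scheme}://{host}" + ("" if port == default else f":{port}")


def rewrite_only(uri, arrived_tls):
    """Rewrite on URL alone; arrived_tls is ignored, so either transport is served."""
    path = uri.partition("?")[0]
    if any(rx.search(path) for rx, _ in RULES):
        return (200, TARGET)
    return (404, None)


def enforce(uri, arrived_tls, host, http_port=80, https_port=443, mismatch="redirect"):
    """Serve only on the required transport; otherwise answer 301 or 403."""
    path = uri.partition("?")[0]
    for rx, need_tls in RULES:
        if not rx.search(path):
            continue
        if need_tls == arrived_tls:
            return (200, TARGET)          # right transport: internal rewrite
        if mismatch == "reject":
            return (403, None)            # wrong transport: refuse outright
        port = https_port if need_tls else http_port
        return (301, _origin(need_tls, host, port) + uri)  # ask client to reconnect
    return (404, None)
```

A 301 from the plain-HTTP binding only arrives after the client has already sent that request unencrypted, so `mismatch="reject"` is the stricter setting for data that must never travel in the clear.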
Praseed
26 March 2010, 22:07
Thanks Hugo...
I really appreciate your great support.

Praseed
15 April 2010, 18:39
Hi Hugo,

Using "RequiredBinding", I am able to partially achieve my goal.
Now all POSTs to extension "special_ssl" get redirected to "special.fcgi" using SSL,
and
any connections to "special" get directed to the same "special.fcgi", NOT using SSL (normal HTTP).
Attached is my new conf file.
However, there is no fixed IP address (domain name too). In my setup the IP is dynamic.
So I cannot use VirtualHost, right?
Whenever the IP address changes, restarting Hiawatha each time is kind of nasty.
Is there any way I can get this done with localhost IP address 127.0.0.1 or localhost?
Or use a directory instead of virtualHost?

Thanks
Praseed

# Hiawatha main configuration file

# GENERAL SETTINGS
#
ConnectionsTotal = 150
ConnectionsPerIP = 10
SystemLogfile = /dev/null
GarbageLogfile = /dev/null

# BINDING SETTINGS
# A binding is where a client can connect to
#

Binding {
    Port = 81
    MaxKeepAlive = 30
    TimeForRequest = 3,20
    BindingID = port81
}

Binding {
    Port = 443
    SSLcertFile = /var/webdmn/ssl_cert/ssl_pub_cert_complete.pem
    MaxKeepAlive = 30
    TimeForRequest = 3,20
    BindingID = port443
}

# CGI server on local machine only
# FCGI1 connects to port 2005
FastCGIserver {
    FastCGIid = FCGI1
    ConnectTo = 127.0.0.1:2005
    Extension = fcgi
    SessionTimeout = 30
}

UrlToolkit {
    ToolkitID = to_fcgi
    RequestURI isfile Return
    Match ^/www/special_ssl Rewrite /special.fcgi
    Match ^/www/special Rewrite /special.fcgi
}

#Hostname = 127.0.0.1
#WebsiteRoot = /mnt/drivers/webdmn/www/hiawatha
#AccessLogfile = /mnt/drivers/webdmn/log/hiawatha/access.log
#ErrorLogfile = /mnt/drivers/webdmn/log/hiawatha/error.log
#UseFastCGI = FCGI1
#TimeForCGI = 20
#UseToolkit = to_fcgi

# VIRTUAL HOSTS

### For SSL Connections
virtualHost {
    # Arrrg, must have IP addr (or a host name) if Virtual!!!
    Hostname = 192.168.1.101
    WebsiteRoot = /mnt/drivers/webdmn/www/hiawatha
    AccessLogfile = /mnt/drivers/webdmn/log/hiawatha/access.log
    ErrorLogfile = /mnt/drivers/webdmn/log/hiawatha/error.log
    TimeForCGI = 5
    UseFastCGI = FCGI1
    UseToolkit = to_fcgi
    RequiredBinding = port443 #This line differentiates the connection type
}

# Non-SSL at port81 binding
virtualHost {
    Hostname = 192.168.1.101
    WebsiteRoot = /mnt/drivers/webdmn/www/hiawatha
    AccessLogfile = /mnt/drivers/webdmn/log/hiawatha/access2.log
    ErrorLogfile = /mnt/drivers/webdmn/log/hiawatha/error2.log
    TimeForCGI = 5
    UseFastCGI = FCGI1
    UseToolkit = to_fcgi
    RequiredBinding = port81 #This line differentiates the connection type
}


Hugo Leisink
15 April 2010, 23:12
Use the hostname of the URL people use to reach the website. If they use the IP address, there is no other way than changing the configuration and restarting Hiawatha.
This topic has been closed.