redirect issue

Discussion in 'General' started by gwhite, Jan 26, 2007.

  1. gwhite

    gwhite New Member

    Working with an external load balancer that handles all SSL transactions and forwards requests on clients behalf to backend litespeed server via regular http connections. We have a situation where we want requests like this:
    https://admin.test.com to re-direct to https://admin.test.com/admin. This re-direction is handled by our rails application and worked fine with our mongrel setup. However for some reason litespeed appears to be sending the re-direct back to the browser as non-ssl -> http://admin.test.com/admin. I haven't specified any response header changes. Any thoughts?
  2. mistwang

    mistwang LiteSpeed Staff

    It is a issue with the external load balancer and mongrel/Rails, LiteSpeed is just the messenger. :)

    Mongrel or rails need a special HTTP header "X-forwarded-Proto: https" in order to know the connection is SSL, when LiteSpeed handle the SSL connection directly, LSWS will set the header, so it works. When the load balancer handle SSL connection, it is the load balancer's responsibility to set this header, LSWS will forward it if set, if not, LSWS has not idea about what kind of connection it was, so the redirect will not work properly.
  3. gwhite

    gwhite New Member

    We do have that header set in the load balancer as it was required for the previous mongrel setup which you have also noted. The reason we think it is something to do with Litespeed is that debugging output from the rails app does appear to show it receiving the header properly and setting the proper re-direct url. I have included some ngrep output below from the litespeed server. Thanks for the quick reply!

    T client:3037 -> Litespeed server:80 [AP]
    GET / HTTP/1.1..Host: admin.test.com..User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.9) Gecko/200612
    06 Firefox/1.5.0.9..Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
    ..Accept-Language: en-us,en;q=0.5..Accept-Encoding: gzip,deflate..Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7..Keep-Alive: 3
    00..Connection: keep-alive..Cookie: _session_id=543d57d3eb9eb3f80d219841981cd55f; Cookies=ON..X_FORWARDED_PROTO: https....
    ##
    T Litespeed server:80 -> Client:3037[AP]
    HTTP/1.1 302 Found..Content-Type: text/html; charset=utf-8..Set-Cookie: _session_id=543d57d3eb9eb3f80d219841981cd55f; domain=test.com; path=/..Location: https://admin.test.com/admin..Cache-Control: no-cache..Content-Encoding: gzip..Vary: Accept-Encoding..Transfer-Encoding: chunked..Server: LiteSpeed..Date: Fri, 26 Jan 2007 23:48:29
    ##

    ######
    T Client:3038 -> Litespeed server:80 [AP]
    GET /admin HTTP/1.1..Host: admin.test.com..User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.9) Gecko/2
    0061206 Firefox/1.5.0.9..Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;
    q=0.5..Accept-Language: en-us,en;q=0.5..Accept-Encoding: gzip,deflate..Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7..Keep-Ali
    ve: 300..Connection: keep-alive..Cookie: _session_id=543d57d3eb9eb3f80d219841981cd55f; Cookies=ON..X_FORWARDED_PROTO: https....
    ##
    T Litespeed server:80 -> Client:3038[AP]
    HTTP/1.1 301 Moved Permanently..Server: LiteSpeed..Date: Fri, 26 Jan 2007 23:48:29 GMT..Location: http://admin.test.com/admin/..Content-Type: text/html..Content-Length: 414....<html>.<head><title> 301 Moved Permanently..</title></head>.<body><h1> 30
    1 Moved Permanently..</h1>.The document has been permanently moved to <A HREF="%s">here</A>.<hr />.Powered By <a href='http://w
    ww.litespeedtech.com'>LiteSpeed Web Server</a><br />.<font face="Verdana, Arial, Helvetica" size=-1>Lite Speed Technologies is
    not responsible for administration and contents of this web site!</font></body></html>.
  4. mistwang

    mistwang LiteSpeed Staff

    I see.
    The second redirect is because of missing trailing slash for the admin directory in the URL, LSWS does not check the "X-Forwarded-Proto" header.

    This extra redirect can be avoided.

    You can either add a matching context for URL "^/admin$", forward it directly to mongrel, tell LSWS avoid checking the existance of admin/ directory.

    Or, just redirect to "/admin/" from "/", if URL "/admin/" works as well.
  5. gwhite

    gwhite New Member

    Sorry for any confusion - we are not using mongrel at all, just litespeed with LSAPI. The /admin in the URI is not a directory but a RAILS action and should not need the trailing slash. The second request should not result in another redirect at all, but it seems litespeed is responding with a 301 instead of passing the request on to Rails. Thanks again
  6. mistwang

    mistwang LiteSpeed Staff

    I believe that there is a admin/ directory under the public directory, otherwise, LSWS will not redirect.
    You should either remove it, or rewrite "/admin" to "/dispatch.lsapi" with a rewrite rule at vhost level, it will tell LSWS to skip the checking of admin directory, thus the redirect.
  7. gwhite

    gwhite New Member

    Ahh you are right - lack of communication between myself and developers! :S Thanks for your patience - makes sense now.

Share This Page