Diffstat (limited to 'sca-cpp/trunk/modules')
-rwxr-xr-x | sca-cpp/trunk/modules/http/httpd-ssl-conf | 21 | ||||
-rw-r--r-- | sca-cpp/trunk/modules/http/httpd.hpp | 20 | ||||
-rwxr-xr-x | sca-cpp/trunk/modules/http/proxy-ssl-conf | 16 | ||||
-rw-r--r-- | sca-cpp/trunk/modules/server/mod-wiring.cpp | 16 |
4 files changed, 51 insertions, 22 deletions
diff --git a/sca-cpp/trunk/modules/http/httpd-ssl-conf b/sca-cpp/trunk/modules/http/httpd-ssl-conf index a6da987345..a965bd859c 100755 --- a/sca-cpp/trunk/modules/http/httpd-ssl-conf +++ b/sca-cpp/trunk/modules/http/httpd-ssl-conf @@ -102,6 +102,14 @@ SSLOptions -StrictRequire +OptRenegotiate SSLVerifyClient optional SSLVerifyDepth 1 +# Enable SSL proxy engine +SSLProxyEngine on +SSLProxyCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL + +# Verify server certificates +SSLProxyVerify require +SSLProxyVerifyDepth 1 + # Log SSL requests LogFormat "[%{%a %b %d %H:%M:%S %Y}t] [sslaccess] %h %l %u %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\" \"%{SSL_CLIENT_I_DN}x\" \"%{SSL_CLIENT_S_DN}x\"" sslcombined CustomLog $root/logs/ssl_access_log sslcombined @@ -201,6 +209,11 @@ cat >>$root/conf/vhost-ssl.conf <<EOF EOF +proxycert="server" +if [ "$proxyconf" != "" ]; then + proxycert="proxy" +fi + cat >$root/conf/svhost-ssl.conf <<EOF # Generated by: httpd-ssl-conf $* # Static virtual host configuration @@ -212,6 +225,10 @@ SSLCertificateChainFile "$root/cert/ca.crt" SSLCertificateFile "$root/cert/server.crt" SSLCertificateKeyFile "$root/cert/server.key" +# Declare proxy SSL client certificates +SSLProxyCACertificateFile "$root/cert/ca.crt" +SSLProxyMachineCertificateFile "$root/cert/$proxycert.pem" + EOF cat >$root/conf/dvhost-ssl.conf <<EOF @@ -225,5 +242,9 @@ SSLCertificateChainFile "$root/cert/ca.crt" SSLCertificateFile "$root/cert/vhost.crt" SSLCertificateKeyFile "$root/cert/vhost.key" +# Declare proxy SSL client certificates +SSLProxyCACertificateFile "$root/cert/ca.crt" +SSLProxyMachineCertificateFile "$root/cert/$proxycert.pem" + EOF diff --git a/sca-cpp/trunk/modules/http/httpd.hpp b/sca-cpp/trunk/modules/http/httpd.hpp index ef89cbda0a..3c759d770c 100644 --- a/sca-cpp/trunk/modules/http/httpd.hpp +++ b/sca-cpp/trunk/modules/http/httpd.hpp 
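Review bot: The `SSLProxyCipherSuite` value added in the first httpd-ssl-conf hunk still admits `+eNULL`, `+EXP`, `+LOW` and `+SSLv2`, so a proxied backend connection can negotiate export-grade or unencrypted suites even though `SSLProxyVerify require` is set. This commit moves the directive out of proxy-ssl-conf into the base SSL configuration, so it appears to apply to every generated server now and is worth tightening here, for example `SSLProxyCipherSuite HIGH:!aNULL:!eNULL:!EXPORT:!LOW:!MD5`. `SSLProxyVerify require` with `SSLProxyVerifyDepth 1` validates the chain only; if the httpd version in use supports `SSLProxyCheckPeerCN on`, adding it would also bind the certificate to the backend host name.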
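Review bot: With `proxycert="server"` as the default in the second httpd-ssl-conf hunk, the `SSLProxyMachineCertificateFile "$root/cert/$proxycert.pem"` lines added to svhost-ssl.conf and dvhost-ssl.conf in the third and fourth hunks make the server's own key pair the client credential presented to backends whenever `$proxyconf` is empty. That file has to hold the certificate together with an unencrypted private key, and nothing visible here shows that `server.pem` is generated or what permissions it gets, so this should be confirmed against the certificate scripts. `$proxyconf` is also not assigned in the visible lines; a comment above the test, such as `# proxyconf: set by <CALLER-TO-CONFIRM> once proxy-ssl-conf has run`, would make the selection auditable.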
@@ -128,7 +128,21 @@ const string subdomain(const string& host) { * Return true if a request is targeting a virtual host. */ const bool isVirtualHostRequest(const server_rec* s, request_rec* r) { - return serverName(r) != serverName(s); + return hostName(r) != hostName(s); +} + +/** + * Return the protocol scheme for a server. + */ +const string scheme(const server_rec* s, const string& def = "http") { + return s->server_scheme != NULL? s->server_scheme : def; +} + +/** + * Return the protocol scheme from an HTTP request. + */ +const string scheme(request_rec* r, const string& def = "http") { + return r->server->server_scheme != NULL? r->server->server_scheme : def; } /** @@ -306,10 +320,11 @@ const failable<request_rec*, int> internalRedirectRequest(const string& nr_uri, nr->method_number = r->method_number; nr->allowed_methods = ap_make_method_list(nr->pool, 2); ap_parse_uri(nr, apr_pstrdup(nr->pool, c_str(nr_uri))); + nr->filename = apr_pstrdup(nr->pool, c_str(string("/redirected:") + nr_uri)); nr->request_config = ap_create_request_config(r->pool); nr->per_dir_config = r->server->lookup_defaults; nr->prev = r; - r->next = nr; + r->next = nr; // Run create request hook ap_run_create_request(nr); @@ -382,6 +397,7 @@ const int internalRedirect(request_rec* nr) { * Create and process an HTTPD internal redirect request. */ const int internalRedirect(const string& uri, request_rec* r) { + debug(uri, "httpd::internalRedirect"); const failable<request_rec*, int> nr = httpd::internalRedirectRequest(uri, r); if (!hasContent(nr)) return reason(nr); diff --git a/sca-cpp/trunk/modules/http/proxy-ssl-conf b/sca-cpp/trunk/modules/http/proxy-ssl-conf index f5e70e12f9..8f8d51c7a4 100755 --- a/sca-cpp/trunk/modules/http/proxy-ssl-conf +++ b/sca-cpp/trunk/modules/http/proxy-ssl-conf 
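Review bot: Both new `scheme()` overloads read `server_scheme`, which as far as I know httpd fills in only when `ServerName` is written with a scheme prefix, so on an SSL virtual host configured without one they return the `"http"` default. mod-wiring.cpp in this commit uses `httpd::scheme(r)` to build the proxy URI, so that default would send the backend hop of an HTTPS request over cleartext. For the request overload I would ask the connection instead, `const char* s = ap_http_scheme(r); return s != NULL? s : def;`, and keep the `server_scheme` lookup only for the `server_rec` overload. Whether the generated configuration always sets a scheme-qualified `ServerName` is not visible in this diff and should be checked.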
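Review bot: The `nr->filename` assignment added to `internalRedirectRequest` has no comment saying why a redirected request gets a `/redirected:` pseudo-filename, and that marker differs from the `/redirect:` prefix matched by `strncmp(r->filename, "/redirect:", 10)` in mod-wiring.cpp's `handler` only in its tenth character. I would document the dependency at the assignment, e.g. `// Mark as already redirected; must not match the "/redirect:" prefix tested by the wiring handler`. The purpose is inferred from the two files in this commit, so the author should confirm the wording. The function body starts and ends outside the hunk.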
@@ -48,21 +48,5 @@ Allow from all Require user admin </Location> -# Enable SSL proxy engine -SSLProxyEngine on -SSLProxyCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL - -# Verify server certificates -SSLProxyVerify require -SSLProxyVerifyDepth 1 - -EOF - -cat >>$root/conf/vhost-ssl.conf <<EOF -# Generated by: proxy-ssl-conf $* -# Declare the proxy SSL client certificates -SSLProxyCACertificateFile "$root/cert/ca.crt" -SSLProxyMachineCertificateFile "$root/cert/proxy.pem" - EOF diff --git a/sca-cpp/trunk/modules/server/mod-wiring.cpp b/sca-cpp/trunk/modules/server/mod-wiring.cpp index 32217172fd..17cfcaae0e 100644 --- a/sca-cpp/trunk/modules/server/mod-wiring.cpp +++ b/sca-cpp/trunk/modules/server/mod-wiring.cpp @@ -109,7 +109,9 @@ int translateReference(const ServerConf& sc, request_rec *r) { // Route to an absolute target URI using mod_proxy or an HTTP client redirect if (isAbsolute(target)) { if (useModProxy) { - r->filename = apr_pstrdup(r->pool, c_str(string("proxy:") + target)); + // Build proxy URI using current request's protocol scheme + r->filename = apr_pstrdup(r->pool, c_str(string("proxy:") + httpd::scheme(r) + substr(target, find(target, "://")))); + debug(r->filename, "modwiring::translateReference::filename"); r->proxyreq = PROXYREQ_REVERSE; r->handler = "proxy-server"; return OK; 
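Review bot: In the `useModProxy` branch of `translateReference` (mod-wiring.cpp, hunk at -109), the scheme written in `target` is discarded and replaced by `httpd::scheme(r)`, so a reference configured with an `https://` target is proxied over `http://` whenever the incoming request is plain HTTP or `scheme()` falls back to its default. If the intent is only to follow the caller onto SSL, the rewrite should never downgrade, e.g. `const string sch = substr(target, 0, 6) == "https:"? string("https") : httpd::scheme(r);` and then `string("proxy:") + sch + substr(target, find(target, "://"))`. The expression also assumes `find(target, "://")` succeeds; `isAbsolute` is defined outside the hunk, so it is worth confirming it rejects targets without `://`. The function starts and ends outside the hunk.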
@@ -117,12 +119,15 @@ int translateReference(const ServerConf& sc, request_rec *r) { r->status = HTTP_MOVED_TEMPORARILY; apr_table_setn(r->headers_out, "Location", apr_pstrdup(r->pool, c_str(target))); + r->filename = apr_pstrdup(r->pool, c_str(string("/redirect:/") + target)); + debug(target, "modwiring::translateReference::location"); r->handler = "mod_tuscany_wiring"; return OK; } // Route to a relative target URI using a local internal redirect r->filename = apr_pstrdup(r->pool, c_str(string("/redirect:/components/") + substr(target, 0, find(target, '/')))); + debug(r->filename, "modwiring::translateReference::filename"); r->handler = "mod_tuscany_wiring"; return OK; } @@ -310,7 +315,7 @@ int translate(request_rec *r) { gc_scoped_pool pool(r->pool); const ServerConf& sc = httpd::serverConf<ServerConf>(r, &mod_tuscany_wiring); - // Process dynamic virtual host configuration, if any + // Process dynamic virtual host configuration VirtualHostConf vhc(sc); const bool usevh = hasVirtualCompositeConf(vhc.sc) && httpd::isVirtualHostRequest(sc.server, r); if (usevh) { @@ -338,14 +343,17 @@ int handler(request_rec *r) { if (r->filename == NULL || strncmp(r->filename, "/redirect:", 10) != 0) return DECLINED; + // Nothing to do for an external redirect + if (r->status == HTTP_MOVED_TEMPORARILY) + return OK; + + // Do an internal redirect gc_scoped_pool pool(r->pool); httpdDebugRequest(r, "modwiring::handler::input"); - // Do an internal redirect debug(r->uri, "modwiring::handler::uri"); debug(r->filename, "modwiring::handler::filename"); debug(r->path_info, "modwiring::handler::path info"); - if (r->args == NULL) return httpd::internalRedirect(httpd::redirectURI(string(r->filename + 10), string(r->path_info)), r); return httpd::internalRedirect(httpd::redirectURI(string(r->filename + 10), string(r->path_info), string(r->args)), r); |
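Review bot: The early `return OK` added to `handler` (hunk at -338) recognises an external redirect only by `r->status == HTTP_MOVED_TEMPORARILY`, while the matching `/redirect:/` filename is set in `translateReference` in the hunk at -117, and neither place documents that pairing. Because the check runs before `httpdDebugRequest`, an externally redirected request also leaves no `modwiring::handler` trace, which makes a misrouted 302 harder to spot in the logs. I would add `// translateReference tags external redirects with "/redirect:/<target>" and sets r->status to 302` above the test and move the `httpdDebugRequest(r, "modwiring::handler::input");` call ahead of it. A distinct filename prefix for the external case would avoid depending on a status field that other modules can also set, but that is a design choice for the author.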