Details
-
Type:
Improvement
-
Status: In Progress
-
Priority:
Major
-
Resolution: Unresolved
-
Affects Version/s: None
-
Fix Version/s: Systems & Operations
-
Component/s: None
-
Labels:None
-
Sprint:Sprint 7, Sprint 8, Sprint 9
Description
The Rackspace LoadBalancer inserts extra http request headers pertaining to the client ip and port.
We can update the apache configuration to log the client IP and redirect non-ssl to ssl while keeping the ssl endpoint on the loadbalancer
Client IP Address :: X-Forwarded-For: 70.166.144.17
TCP port :: X-Forwarded-Port: 443
Httpd.conf
============
LogFormat "%h %
i %
{X-Forwarded-Port}i %l %u %t \"%r\" %>s %b \"%
{Referer}i\" \"%
{User-Agent}i\"" combined
-
- redirect clients to SSL when coming through load balancer
RewriteEngine on
RewriteCond % {HTTP:X-Forwarded-For}.
{HTTP:X-Forwarded-Port}
RewriteCond %!^443$
{HTTP_HOST}
RewriteRule ^/(.*) https://%/$1 [L,R]
- redirect clients to SSL when coming through load balancer
HTTP request dump via TCPDump on aml1-front1
=====================================
GET /reseller HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20100101 Firefox/17.0
X-Forwarded-For: 70.166.144.17
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8
SSLClientCertStatus: NoClientCert
X-Forwarded-Proto: https
Accept-Language: en-US,en;q=0.5
SSLClientCipher: SSL_RSA_WITH_RC4_128_SHA, version=TLSv1, bits=128
Host: 174.143.186.78
SSLSessionID: 79B137DBFADA065D147B4AB8EA1F017D638E7767498F329A3D504DA7A51A8C27
X-Cluster-Client-Ip: 70.166.144.17
Cookie: amlRslr_Locale=en; JSESSIONID=6CC7FCE21F8BD548170E3D1301CE2ADB; X-Mapping-fjhppofk=7EC676048399D32070DE7D24CC50EC27
Connection: keep-alive
X-Forwarded-Port: 443
Accept-Encoding: gzip, deflate
DNT: 1
