Richard Frovarp schrieb:
> Andreas Hartmann wrote:
>> Andreas Hartmann schrieb:
>>
>>> Thorsten Scherler schrieb:
>>>
>>>> On Tue, 2007-06-26 at 12:13 +0200, Andreas
Hartmann wrote:
>>>>
>>> [...]
>>>
>>>
>>>>> To avoid this, we'd have to use a
global SSL proxy URL for the CSS and
>>>>> image URLs. IMO we should use the SSL
variants of all outgoing links
>>>>> on an SSL-encrypted page by default.
>>>>>
>>>>> WDYT?
>>>>>
>>>> this.ssl = _request.isSecure();
>>>>
>>>> You mean something like this in the setup
method of the
>>>> proxyTransformer?
>>>>
>>> Yes, exactly. I'm not quite sure if this works
reliably with SSL
>>> offloading, but we'll find out.
>>>
>>
>> When the SSL is handled by Apache,
request.isSecure() returns false.
>> One could try to use an SSL connector in Tomcat,
but then the SSL
>> encryption CPU processing coulnd't be offloaded in
a clustered
>> environment.
>>
>> A workaround might be to use different hostnames
(localhost/127.0.0.1)
>> in the RewriteRule statements and check for these
in the
>> ProxyTransformer, but that would be my last
choice.
[...]
> Couldn't it just use relative paths and let the browser
sort out hosts
> and protocols?
When you need to switch between protocols (http/https) or
servers
(cms.example.com/www.example.com), you need complete URLs.
If you don't,
you can configure the ProxyTransformer to produce relative
URLs.
Maybe we should provide this option for the ProxyModule
service too,
or introduce a configurable ProxyLinkRewriter service which
is used by
both of them.
-- Andreas
--
Andreas Hartmann, CTO
BeCompany GmbH
http://www.becompany.ch
------------------------------------------------------------
---------
To unsubscribe, e-mail: dev-unsubscribe lenya.apache.org
For additional commands, e-mail: dev-helplenya.apache.org
|
