[CentOS] Off Topic - SSL reverse proxy and Mixed Content

Tue Oct 6 20:00:33 UTC 2015
Clint Dilks <clintd at waikato.ac.nz>

On Tue, Oct 6, 2015 at 7:46 PM, Gordon Messmer <gordon.messmer at gmail.com>
wrote:

> On 09/30/2015 08:22 PM, Clint Dilks wrote:
>
>> I have a site that I want to work behind a reverse proxy (httpd) if using
>> http:// everything works as expected.  If using https:// some content is
>> displayed but some content is blocked because of stylesheets and etc being
>> requested via http rather https.
>>
>> I know that the long term solution should be to get all code changed so
>> that it references
>> //myserver/resource or /resource rather than http://myserver/resource but
>> is there anything I can do with httpd to get this working until these
>> changes are made ?
>>
>
> I don't think so.  It sounds like the "block" you're describing is
> client-side.  Your browser, by default, may block mixed content.
>


> Otherwise, if you have working reverse proxies for http and https, there
> shouldn't be a problem.
>
>
Morning, thanks for the feedback.  As far as I can see most browsers are
now blocking Mixed Content by default



> Thanks for any suggestions.  Below is my current VirtualHost config
>>
>>     ProxyRequests On
>>     ProxyPreserveHost On
>>     ProxyTimeout 300
>>      <Proxy *>
>>         Order allow,deny
>>         Allow from all
>>      </Proxy>
>>
>
> That is a severe security problem.  In a reverse proxy setup,
> ProxyRequests should be off, and the Proxy allow/deny section isn't needed
> at all.
>
>
Thanks for spotting the ProxyRequests On, I knew this was supposed to be
Off but obliviously made a typo and didn't spot it.
Now to go and double check that I haven't done this other places that I
shouldn't.



> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> https://lists.centos.org/mailman/listinfo/centos
>