[CentOS] Off Topic - SSL reverse proxy and Mixed Content
Clint Dilks
clintd at waikato.ac.nz
Tue Oct 6 20:00:33 UTC 2015
On Tue, Oct 6, 2015 at 7:46 PM, Gordon Messmer <gordon.messmer at gmail.com>
wrote:
> On 09/30/2015 08:22 PM, Clint Dilks wrote:
>
>> I have a site that I want to work behind a reverse proxy (httpd) if using
>> http:// everything works as expected. If using https:// some content is
>> displayed but some content is blocked because of stylesheets and etc being
>> requested via http rather https.
>>
>> I know that the long term solution should be to get all code changed so
>> that it references
>> //myserver/resource or /resource rather than http://myserver/resource but
>> is there anything I can do with httpd to get this working until these
>> changes are made ?
>>
>
> I don't think so. It sounds like the "block" you're describing is
> client-side. Your browser, by default, may block mixed content.
>
> Otherwise, if you have working reverse proxies for http and https, there
> shouldn't be a problem.
>
>
Morning, thanks for the feedback. As far as I can see most browsers are
now blocking Mixed Content by default
> Thanks for any suggestions. Below is my current VirtualHost config
>>
>> ProxyRequests On
>> ProxyPreserveHost On
>> ProxyTimeout 300
>> <Proxy *>
>> Order allow,deny
>> Allow from all
>> </Proxy>
>>
>
> That is a severe security problem. In a reverse proxy setup,
> ProxyRequests should be off, and the Proxy allow/deny section isn't needed
> at all.
>
>
Thanks for spotting the ProxyRequests On, I knew this was supposed to be
Off but obliviously made a typo and didn't spot it.
Now to go and double check that I haven't done this other places that I
shouldn't.
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> https://lists.centos.org/mailman/listinfo/centos
>
More information about the CentOS
mailing list