redirect issue

#1
Working with an external load balancer that handles all SSL transactions and forwards requests on the client's behalf to a backend LiteSpeed server via regular HTTP connections. We have a situation where we want requests like this:
https://admin.test.com to redirect to https://admin.test.com/admin. This redirection is handled by our Rails application and worked fine with our mongrel setup. However, for some reason LiteSpeed appears to be sending the redirect back to the browser as non-SSL -> http://admin.test.com/admin. I haven't specified any response header changes. Any thoughts?
 

mistwang

LiteSpeed Staff
#2
It is an issue with the external load balancer and mongrel/Rails; LiteSpeed is just the messenger. :)

Mongrel or Rails needs a special HTTP header "X-forwarded-Proto: https" in order to know the connection is SSL. When LiteSpeed handles the SSL connection directly, LSWS will set the header, so it works. When the load balancer handles the SSL connection, it is the load balancer's responsibility to set this header; LSWS will forward it if set. If not, LSWS has no idea what kind of connection it was, so the redirect will not work properly.
 
#3
We do have that header set in the load balancer as it was required for the previous mongrel setup which you have also noted. The reason we think it is something to do with Litespeed is that debugging output from the rails app does appear to show it receiving the header properly and setting the proper re-direct url. I have included some ngrep output below from the litespeed server. Thanks for the quick reply!

T client:3037 -> Litespeed server:80 [AP]
GET / HTTP/1.1..Host: admin.test.com..User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.9) Gecko/200612
06 Firefox/1.5.0.9..Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
..Accept-Language: en-us,en;q=0.5..Accept-Encoding: gzip,deflate..Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7..Keep-Alive: 3
00..Connection: keep-alive..Cookie: _session_id=543d57d3eb9eb3f80d219841981cd55f; Cookies=ON..X_FORWARDED_PROTO: https....
##
T Litespeed server:80 -> Client:3037[AP]
HTTP/1.1 302 Found..Content-Type: text/html; charset=utf-8..Set-Cookie: _session_id=543d57d3eb9eb3f80d219841981cd55f; domain=test.com; path=/..Location: https://admin.test.com/admin..Cache-Control: no-cache..Content-Encoding: gzip..Vary: Accept-Encoding..Transfer-Encoding: chunked..Server: LiteSpeed..Date: Fri, 26 Jan 2007 23:48:29
##

######
T Client:3038 -> Litespeed server:80 [AP]
GET /admin HTTP/1.1..Host: admin.test.com..User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.9) Gecko/2
0061206 Firefox/1.5.0.9..Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;
q=0.5..Accept-Language: en-us,en;q=0.5..Accept-Encoding: gzip,deflate..Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7..Keep-Ali
ve: 300..Connection: keep-alive..Cookie: _session_id=543d57d3eb9eb3f80d219841981cd55f; Cookies=ON..X_FORWARDED_PROTO: https....
##
T Litespeed server:80 -> Client:3038[AP]
HTTP/1.1 301 Moved Permanently..Server: LiteSpeed..Date: Fri, 26 Jan 2007 23:48:29 GMT..Location: http://admin.test.com/admin/..Content-Type: text/html..Content-Length: 414....<html>.<head><title> 301 Moved Permanently..</title></head>.<body><h1> 30
1 Moved Permanently..</h1>.The document has been permanently moved to <A HREF="%s">here</A>.<hr />.Powered By <a href='http://w
ww.litespeedtech.com'>LiteSpeed Web Server</a><br />.<font face="Verdana, Arial, Helvetica" size=-1>Lite Speed Technologies is
not responsible for administration and contents of this web site!</font></body></html>.
 

mistwang

LiteSpeed Staff
#4
I see.
The second redirect is because of the missing trailing slash for the admin directory in the URL; LSWS does not check the "X-Forwarded-Proto" header.

This extra redirect can be avoided.

You can either add a matching context for URL "^/admin$", forward it directly to mongrel, and tell LSWS to avoid checking the existence of the admin/ directory.

Or, just redirect to "/admin/" from "/", if URL "/admin/" works as well.
 
#5
Sorry for any confusion - we are not using mongrel at all, just litespeed with LSAPI. The /admin in the URI is not a directory but a RAILS action and should not need the trailing slash. The second request should not result in another redirect at all, but it seems litespeed is responding with a 301 instead of passing the request on to Rails. Thanks again
 

mistwang

LiteSpeed Staff
#6
I believe that there is an admin/ directory under the public directory; otherwise, LSWS will not redirect.
You should either remove it, or rewrite "/admin" to "/dispatch.lsapi" with a rewrite rule at vhost level; it will tell LSWS to skip the checking of the admin directory, and thus the redirect.
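
An added example, not part of the thread: a Ruby check that reads request/response pairs in the ngrep text form shown in post #3 and reports redirects whose Location is plain http:// even though the request carried the forwarded-protocol header set to https. The function names and the sample strings are constructed for illustration, and the header is matched in both its hyphen and underscore spellings because the capture shows the underscore form.

```ruby
require 'uri'

# Parse one HTTP message as ngrep prints it: CRLF appears as "..", and the
# header block ends at "....". Returns [start_line, headers_hash].
def parse_ngrep_http(raw)
  head = raw.split('....', 2).first
  start_line, *fields = head.split('..')
  headers = fields.each_with_object({}) do |field, h|
    name, value = field.split(':', 2)
    next if value.nil?
    # Treat X_FORWARDED_PROTO and X-Forwarded-Proto as the same header.
    h[name.strip.downcase.tr('_', '-')] = value.strip
  end
  [start_line, headers]
end

# Return a finding for every exchange where the client side was HTTPS
# (per X-Forwarded-Proto) but the redirect target is plain http://.
def downgraded_redirects(exchanges)
  exchanges.filter_map do |request, response|
    req_line, req_headers = parse_ngrep_http(request)
    status_line, resp_headers = parse_ngrep_http(response)
    next unless req_headers['x-forwarded-proto'].to_s.casecmp?('https')
    next unless status_line =~ %r{\AHTTP/\d\.\d 3\d\d}
    location = resp_headers['location']
    next if location.nil?
    scheme = URI.parse(location).scheme rescue nil
    next unless scheme == 'http'
    { request: req_line, status: status_line, location: location }
  end
end

# Constructed sample exchanges modelled on the capture in post #3
# (hostnames are the thread's placeholders; headers trimmed).
SAMPLE = [
  ['GET / HTTP/1.1..Host: admin.test.com..X_FORWARDED_PROTO: https....',
   'HTTP/1.1 302 Found..Location: https://admin.test.com/admin..Server: LiteSpeed....'],
  ['GET /admin HTTP/1.1..Host: admin.test.com..X_FORWARDED_PROTO: https....',
   'HTTP/1.1 301 Moved Permanently..Server: LiteSpeed..' \
   'Location: http://admin.test.com/admin/..Content-Length: 414....<html>']
].freeze

downgraded_redirects(SAMPLE).each do |f|
  puts "#{f[:request]} -> #{f[:status]} -> #{f[:location]}"
end
```

Only the second exchange is reported: the 302 generated by the application keeps https, while the 301 for the missing trailing slash points at http://.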
 