防火墙后Apache背后的Tomcat:AJP忽略X-Forwarded-Proto
对于https流量,我们有以下设置:防火墙后Apache背后的Tomcat:AJP忽略X-Forwarded-Proto,apache,tomcat,https,mod-jk,ajp,Apache,Tomcat,Https,Mod Jk,Ajp,对于https流量,我们有以下设置: 防火墙:终止https,添加“X-Forwarded-Proto:https”,通过http转发到Apache Apache:通过AJP转发给Tomcat Tomcat:通过AJP连接器接收请求 我们已将RemoteIpValve添加到Tomcat的server.xml中: <Valve className="org.apache.catalina.valves.RemoteIpValve" remoteIpH
- 防火墙:终止https,添加“X-Forwarded-Proto:https”,通过http转发到Apache
- Apache:通过AJP转发给Tomcat
- Tomcat:通过AJP连接器接收请求
<Valve className="org.apache.catalina.valves.RemoteIpValve"
remoteIpHeader="x-forwarded-for"
protocolHeader="x-forwarded-proto"
/>
在研究mod_jk文档之后,我发现mod_jk评估Apache环境变量
HTTPS
,以便检测HTTPS。通常,如果Apache本身处理https通信,则此变量由mod_ssl设置。但事实并非如此,因为HTTPS在Apache之前已经终止
只需根据http头设置环境变量即可实现以下目的:
SetEnvIfNoCase X-Forwarded-Proto https HTTPS=on
顺便说一句:mod_jk评估的环境变量可以使用JkHTTPSIndicator
指令更改(请参阅)。因此,以下情况也是如此:
SetEnvIfNoCase X-Forwarded-Proto https EXTERNAL_TRAFFIC_IS_HTTPS=on
JkHTTPSIndicator EXTERNAL_TRAFFIC_IS_HTTPS
如果更改HTTPS
会干扰其他模块,则可能很有用
SetEnvIfNoCase X-Forwarded-Proto https HTTPS=on
SetEnvIfNoCase X-Forwarded-Proto https EXTERNAL_TRAFFIC_IS_HTTPS=on
JkHTTPSIndicator EXTERNAL_TRAFFIC_IS_HTTPS